Friday, 21st January 2022 - “Cyber security is no longer a bill, it is part of your business”, said cyber security expert and owner of Kloudfyre Networks Stevez Gomes at yesterday’s BVI Finance Breakfast Forum on Cyber Security – Incident Response, in partnership with the Information System Security Association (ISSA).
The expert made the statement to underscore the need for companies to invest in cyber security prior to experiencing major security incidents.
What’s a security incident? It is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information. Doesn’t have to be only digital, can be physical as well. This could be anything from an email going to the wrong recipient, or a security breach that means a major disruption to an organization’s operations.
Mr. Gomes, co-facilitator of the forum, gave a thorough explanation of the incident response process, in which he highlighted the need for companies to “accept that things will happen” and to have incident response plans in place that are continuously tested and challenged.
The incident response process is a strategy that includes four key parts: Preparation, Detection & Analysis, Containment, Eradication & Recovery, and Post-Incident. According to Mr. Gomes' preparation is ‘ground zero’ and involves establishing policies, procedures and agreements covering the management and response to security incidents before you need them. More specifically, this involves identifying key contacts, requesting employees to report suspicious emails and activities that might compromise network security, challenging and improving the incident response plan, and documenting procedures for incident handling.
The expert encouraged managers to create, encourage and nurture a security culture, as “it is your first line of defense.” He also said managers should include cyber security in business continuity plans, just as they would include natural disasters. “Have you developed security policies for the organization, and are employees aware of the policies?” is one question he posed to assess a company’s current security culture.
Mr. Gomes was joined by Ehab Tarabay - Global Manager of workplace IT - TMF, who affirmed that the “merging of physical and virtual worlds” means that companies and individuals must accept their vulnerability to cyber security threats, as cybercrime is increasing globally.
The exponential increase in cyber security challenges was further highlighted by Elise Donovan - CEO of BVI Finance, who shared predictions of global losses as a result of cybercrime; that being over $6 trillion by the end of 2021, and $10 trillion by 2025.
Mr. Tarabay’s presentation addressed the vulnerability of companies by discussing a security breach that happened to JP Morgan in 2014. The company had invested over $250-million and had a team of over one thousand security experts but were still exposed to a security breach.
To that end, Mr. Tarabay said, “This is an eye opener for smaller businesses” whose cyber security or technology budgets do not compare.
He also referenced the quote by Robert Mueller, FB Director who said, “There are only two types of companies: those that have been hacked, and those that will be.”
Yesterday’s BVI Finance Breakfast forum was session two of a cyber security series held in partnership with ISSA.
ISSA’s core purpose is to promote a secure digital world. It is a non-profit organization community of choice for international cybersecurity professionals dedicated to advancing individual growth, managing technology risk and protecting critical information and infrastructure.
Click here to watch video.