2019 Cyber Review

2019 was an interesting year.  Political intrigue, economic transformation, and social changes headlined newsworthy events.  More importantly but less publicized were data breaches and mind-numbing losses of 2.6 billion user accounts and personal data.

These losses spread across banking, internet, and social media giants, including Capitol One, Door Dash, Smart Home, Elastic Search, Twitter, and Facebook.  And these are only the reported major breaches.

Standing out in the herd of those failing to protect our personal data are corporations and technological giants professing concern and the know-how to maintain data integrity.  Yet they continue to be vulnerable to security breaches.  So what’s the answer?

Three major changes to corporate security.

1. Formally recognize data threats by creating a board level position responsible for overseeing all security issues.

2. Understand that countering threats involves more than technology. Many breaches result from witting and unwitting insiders.  Put IT, cyber security, physical security, HR, privacy, insider threat, civil liberties, general counsel, and operations under one security umbrella and work in concert.

3. Identify data to be protected (corporate crown jewels) within a prioritized framework that allows for proper selection of protective technology and appropriate application of policies and procedures.

Implementing such improvements will add layers of protection for everyone and identify those who stand out from the heard.