Charles White, founder & CEO of IRM Security, puts organisations to the test by sending in disguised ‘criminals’ who are able to breeze past security in a telecoms engineer’s jacket, dropping off cleverly branded and infected USB sticks and the like. In this video, he doles out some overdue advice to CISOs.
The cybercriminal as we once knew him, in his underpants in his bedroom, is no longer the threat. Cybercriminals have become serious and organised, and enterprises are being picked off like flies because of lazy compliance box-ticking and because low-hanging fruit is ignored without considering the bigger picture of their security.
- (0:07) What is the biggest challenge for a CISO today?
- (1:29) How would you advise CISOs that are assessing the risks and threats to their organisation?
This interview is in response to a report from ENISA (the European Union Agency For Network And Information Security), which has found that there is a lack of consistency in how the cost of cyber crime is calculated in reports.
Charles White, founder and CEO of IRM, comments: “With so many variables involved in cyber attacks, it’s unsurprising that ENISA has found problems with the way cost reports are calculated.
“The cost of a breach to each organisation can vary enormously depending on what assets are targeted, how important they are to this particular company, and what recovery capabilities they currently have. The theft of the exact same set of data could incur wildly different costs on two organisations based on the way they utilise the data and how quickly they can get back on track.
“While these cost reports do provide a useful backdrop, companies absolutely need to focus on their own unique risk landscape if they are to have an accurate understanding of the potential cost of a breach.
“However, our Risky Business Report found that more than a third of CISOs have no clear idea of what assets their businesses have or where they are located on the network. Further, only 28 per cent regularly conduct exercises to categorise and value the data within their IT estate.
“Without this information, organisations have little hope of calculating how much a breach could cost them, which also makes effective budgeting very difficult. CISOs not only need to be aware of the value of their assets, but they also need to effectively communicate the associated risks and costs to the board if they are to effectively protect them.”