Posted by: David Scott
Not to sound too forward-thinking, but McAfee just released an interesting report: In the Dark: Crucial Industries Confront Cyberattacks.
It’s rather amazing that whole industries, as well as the entities that populate those industries – large, medium and small businesses – are lagging in the face of crucial threats.
Those threats comprise not only cyber war, cyber attack, and even “inside jobs” mounted by dissatisfied employees, or preventable breaching incidents brought about by human error; enterprises also face peril from large-scale threats to infrastructure, such as terror attacks or destructive weather events.
Consider a pre-Katrina business in New Orleans. Yep – be sure to lock those doors, set the nightly backup, and while we’re at it, let’s minimize all the single-points-of-failure elements we can… In the meantime, all that care and concern – and business – washed away in the comprehensibility of a flood because no one heeded the warnings about under-spec’d levees.
What of sole proprietorships? Given all the tornadoes in the Midwest at the moment, what is a prudent plan for business continuity if the house blows away? Life does go on… and so must business.
I felt the gap between awareness of the potential for large-scale bad events (both internally sourced, and external), and solid security postures, even in Fortune 100 environments. Here, you might expect best awareness and allied practices, but no: Often, the business element, IT’s governance, would be unwilling to engage, and then only grudgingly make budget available for the thinnest of security standings for recoveries. It was a vulnerable feeling, I must tell you.
I like to think that I’m a little ahead of the pack. In the last chapter of I.T. Wars: Managing the Business-Technology Weave in the New Millennium (Ch: What’s at Stake) I discuss large perils to enterprises, and what the “local” organization (that is, yours) should begin to think about doing. I propose regional BizSec teams (business security), comprised of leading minds from a variety of regional organizations. Solutions always start with discussion by proactive people…
It’s something to think about doing in this, still, new millennium. Stay safe!