23.06.2019

Hope is not a cybersecurity strategy

Take the time now to assess your enterprise cyber risk and discover where best to invest for the best defense!

Since 2013, there have been 169 cyber attacks against city/state government agencies; 22 so far this year. Of the 169, 45 targeted law enforcement.

In a recent cybersecurity conference I attended, CISO panelists were asked for their #1 cybersecurity issue. Surprisingly, their answer was NOT better cyber security tools, more cybersecurity staff (that was their second priority), or more cyber intelligence.

Their #1 answer?

More action by executives and boards of directors to do what needs to be done to help better protect their cyber assets.

Now, to be fair to those executives (public and private sector), “cyber” is just one of numerous front-burner issues they must deal with, and unfortunately taking the time to learn about and effectively address cyber risks doesn’t always make the cut – until their agency/company is attacked.

I refer to this as the “911 effect”…Terrorism was a problem on September 10th; however, it took the horrific events of September 11th to get the attention and investment that others, like FBI SA John O’Neil*, knew it desperately needed.

So, as an executive, how can you avoid the “Cyber 911 Effect” for your agency? I offer three steps:

  1. Elevate cyber risk as a priority at the executive/board level and do the work needed to better understand what your organization’s cyber risk really is;
  2. Conduct an enterprise-wide cyber security assessment to learn how your current cybersecurity behaviors and investments stack up against your inherent risk; and
  3. Implement a program of continuous risk monitoring and mitigation to build stronger cybersecurity maturity against the threats you face.

What? You say you don’t have the time or funds to do these three things? Well, the truth is that it’s going to cost you a LOT more time and money if you do get attacked and you haven’t done them…a few examples:

  • Albany, NY – city services and police department impacted, cost not yet known
  • Atlanta, GA – city services impacted; estimates vary between $5,000,000 and $17,000,000
  • Baltimore, MD – weeks with many city services offline; $18,000,000 recovery estimated
  • FBI National Academy – websites breached, stolen PII of thousands of LEOs exposed
  • FEMA – personal information on 2.5 million disaster victims exposed by subcontractor
  • Indiana – health information of >31,000 patients exposed
  • Massachusetts – attack shuts down parts of Public Defender Agency
  • Oklahoma – millions of government files exposed, some pertinent to FBI investigations
  • Riverside, TX – 10 months of police/fire department files affected

While I’d love you to call me in (410-903-6289) to help you get it done, there are many good cyber risk assessment offerings out there. Whichever way you go, take the time and make the investment now (less than $10k) and just do it.

To learn more about my cyber risk assessment offering, please read this posting: https://www.linkedin.com/pulse/nowheretohide-now-offering-enterprise-cyber-security-risk-georgo/

Thank you…r/Chuck

* Note: John O’Neil died in the September 11, 2001 attacks on the WTC. Believe it or not, it was his first day on the job as the Chief Security Officer for the WTC compound. You can read more about him in the book Securing the City.
