It’s essential that boards understand the organization’s cyber risks in order to successfully oversee overall company performance. CISOs and CSOs who can clearly convey cybersecurity to the board promote better navigation of the organization in today’s uncertain cybersecurity world.
Ideally, a penetration test should simulate a real-world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
In the 2015 Anthem data breach, the compromise of an administrator’s credentials was the initial entry point that caused the breach and exposure of 13.5 million patient records. High-profile, high-impact breaches like this are spurring healthcare enterprises to institute more cybersecurity defenses and to monitor the insider threat.
The Massachusetts Institute of Technology is starting a new research effort to help CISOs better manage cybersecurity within critical infrastructure companies. Exxon Mobil Corp. and Schneider Electric SE are early members of the consortium, according to MIT.
When looking at the cyber technology market over the past 15 years, it is evident that the catalyst for cyber evolution was Y2K. Prior to the Y2K frenzy, “cybersecurity” was masked in the systems engineering function, and external threats consisted of hackers looking to leverage free computing capabilities with very little focus on information/data access or network destruction.