With the threat of cyber crime to businesses, it is clear there needs to be a shift in the conversation if any real improvements are to be made. But what happens if questions about cybersecurity are left unposed? The unspoken could have real consequences.
The messaging at conferences, magazines, trade journals, the evening news, and web-based news and information sources is consistent that organizations should be aware of their risks and taking action to protect their data, servers, and services from attack. This leaves several questions. Many in a senior management role (C-Suite or even those serving on boards of directors) are not formally trained in technical information security and risk management and as a result knowing even what questions are important to ask is itself an unknown.
We are well-positioned to help business leaders answer these cybersecurity questions (and also help them with maturing their information security and risk management programs as a result of the answers to those questions). We have a great deal of hard-won experience from our incident response and digital forensics work – we see firsthand who is attacking and compromising organizations as well as how. We are then fortunate to be able to help those organizations create a plan to reduce the risk of it happening again.