
Next Gen Cyber Security

The average total organization cost of a cyber security data breach is $5.32MM.

If you ask CEOs, CIOs and CISOs what keeps them up at night, a cyber security breach is #1 or #2, and if it isn’t, it should be. Cyber security attacks don’t just happen to large companies; all companies have “crown jewels” to protect.

Crown Jewels:

The first step in a cyber security risk self-assessment is determining your company’s crown jewels and who would want access to them.

Cyber Criminals are for Hire:

Cyber criminals on the dark web are for hire. On the dark web, passwords are available for $1.00 each, credit card numbers go for $5.00 each and health info can be had for $8.00 per record.

You can hire a cyber criminal to get what you want; for example:

  • Strategic plans
  • Competitive advantages
  • Personal information – passwords, credit cards, health records
  • Intellectual property

Frequent access points for hackers:

  • Bad opens/clicks on email attachments
  • No patches on IT systems

Think your company has a low risk because of the data you own or the nature of your business? What would happen if someone got access to your network, encrypted your files and then held them for ransom until you paid to regain access to them? We’ve just described Cryptolocker, and it is estimated to cost companies $350MM annually.

The alarming fact is that the number of breaches has increased over time but the level of sophistication of the hackers has gone down. The tools are readily available to purchase from genius developers who band together.

What can you do to protect your business?

  1. Take a whole business approach to cyber security – it is a business risk
  2. Know that protecting your company is not enough – supplier networks and others who access your network are vulnerabilities
  3. Have a cyber incident protocol in place. Be prepared and know how to respond
  4. Do fire drills

What is the relevance for small companies?

  1. Depends on the type of business
  2. What are the crown jewels?
  3. What do you want to protect?
  4. Current protection capabilities?
  5. Prioritize your spend
  6. Take a risk-based approach
  7. Not about size, it’s about what you own

Cyber security for larger companies, public companies and companies with boards:

Board meetings

  • Need a Risk Committee
  • IT Security should be a standing agenda item
  • Need a CISO (Chief Information Security Officer). A CISO is different from an IT person – at least one board member should understand IT
  • Need an enterprise plan – with metrics
  • Audit security like your organization audits accounting

Make sure that there is no disconnect between IT’s priorities and the board’s direction. The CEO needs to be actively involved. Educate your IT department to learn about industry threats and trends and to learn the latest and greatest.

Employee education is key to all organizations. What to include in your education plan:

  • Malicious Emails – Biggest root cause – accidental clicks
  • The different approaches being used by hackers – they are very creative
  • “Accidental Breaches” – Training awareness reduces the risk
  • Testing of your systems

Your approach to cyber security should be similar to your approach to Health and Safety Training – it needs to be ongoing.

  • Put “Guard Rails” in place
  • Privileged user access
  • Blocking URLs
  • Signatures for cryptolockers
  • “Yes” – “But” solutions

Technical solutions are not the answer to cyber security. They are only one component.

 

Path to Cyber Security – Take Away Action Plan

  1. Conduct a cyber risk assessment by next week

  2. Decide on a strategy by next month

  3. Establish governance model by next quarter

  4. Start reviewing metrics in 6 months

The biggest blockages to implementing a Cyber Security Strategy are:

  • Senior leadership don’t lead the deployment

  • Inadequate training – awareness and skills

  • Unclear roles and responsibilities

 

Content based on CEO Global Network - Next Gen Cyber Security Event – November 2015 panel discussion

 

Expert Panel:

  • Zia Shah, CISO and Executive Director, KPMG Canada
  • Suleman Ahmed, Principal, Servo Annex Inc.
  • Nick Alevetsovitis, Country Manager, Palo Alto Networks

Additional Resources:

The Board’s Role in Cybersecurity – The Conference Board – http://www.goodharbor.net/media/pdfs/Good_Harbor_Directors_Note_Cyber.pdf

Your Staff are Your Biggest Risk – Quartet Service – http://www.quartetservice.com/your-staff-are-your-biggest-security-risk/

Trends in IT Security – CompTIA – https://www.comptia.org/resources/trends-in-information-security-study

 

 
