Cyber Security Strategy
1. Recent Changes in Log Cabins Technology
A cyber security strategy is critical now more than ever for any progressive organization. Today, most operations in an entity depend on technology. That reliance means technology must be aligned with the goals and objectives of the organization. To that extent, close collaboration between the top management of an entity and the information security leader is imperative. Replicating that collaboration in all departments creates awareness among end users of the importance of staying vigilant and following the cyber security policy guidelines to the letter. The cyber security strategy of an organization should protect the immediate interests of the business and develop progressively according to the future aspirations of the company.
The most important element of a cyber security plan is relevance to the current situation. Regular updates and improvements make the strategy solid enough to extinguish any threats to the organization (Min, Chai, & Han, 2015). According to the report, Log Cabins Company has not considered tightening its cyber security strategy in recent times. In the last three years, many changes have occurred in the cyber security world. Most companies have revised their cyber security policies by adopting more progressive tactics for addressing threats. Additionally, entities have enhanced their level of security and awareness to form a formidable resistance against modern threats. An analysis of case studies of breaches and successful protection strategies should inform the regular updates.
In recent times, ransomware has become the main cause of distress for cybersecurity experts, data professionals and business executives. The spreading virus latches on to critical information such as private customer data, and the cybercriminals ask for an outrageous amount of money not to release it to the public. In 2018, the number of ransom attacks rose by 36% and the amount of money spent in ransom doubled in comparison to 2018. Even with the global publicity, the threat is not fading. The cyber attackers are growing bolder each day and they are upscaling the prominence of their targets. All companies need to step up vigilance to prevent an attack. The cybersecurity strategy needs to incorporate a disaster recovery policy to mitigate the effects of an attack.
On the positive side, some developments have also occurred in cybersecurity in the last three years. Advances in artificial intelligence have made it possible to use robots to enhance defense against cyber-attacks. The significant levels of success recorded from the venture in recent times have prompted organizations to dedicate about $2.5 billion to programs related to cyber artificial intelligence security. With such developments, key benefits emerge. First, organizations can reduce their overhead costs because robots do not receive pay by the hour. Secondly, the robots can work round the clock. Prevention and mitigation of risks require swift action. The robot can take prompt action to stop the attacks because of its constant awareness.
2. Aspects of Cybersecurity Governance that Need to be Addressed
The strategy should integrate aspects of cyber security governance with the objectives of the organization. The top management of the organization should recognize the crucial role played by technology. More so, for Log Cabins Company, the complete manufacturing process is reliant on technology. The management should be in constant engagement with the cyber security team to assess the level of preparedness and awareness in the organization. All the plans of the organization should incorporate the input of the cyber security team. The governance framework should guide activities chosen in the cyber security strategy to support the organization. The management should also collaborate by meeting the budget estimates from the information systems team.
According to the case study, the department of cybersecurity in the company has not received funding from the management in recent times. Consequently, the department is short of equipment and understaffed. The network infrastructure in the organization is from three years ago. However, the CISO reports that no breach has been successful in the period despite hundreds of attempts. The resilience of the current systems in the company is a demonstration of the commitment of the security team despite the lack of funding. With adequate support, the team can do much better for the organization. Modern problems require such a team that is ready to achieve results with minimal costs. The CISO is prudent with spending, as demonstrated by his decision to minimize the overheads of the cyber security department by minimizing new purchases. The department might have chosen innovative ways to save, such as repairing equipment and educating members of staff on how to take care of the network infrastructure.
In the case study, the CEO has no interest in addressing the cyber security concerns of the organization. The leadership of the organization chooses to ignore the department because lately the systems have been safe. A secure network requires constant updates and research. The cyber security team should audit the system every now and then to identify vulnerable areas. It is much easier to prevent an attack by anticipation. Hackers do not gain access at once. It takes multiple attempts to break into a complicated system. Therefore, a system maintained regularly can sniff out an attempt. In the organization, the department is understaffed. There is a limitation in capacity to detect possible weaknesses. Without proper checks, the next best option should be a contingency plan in the case of an attack. Again, the organization does not have a policy on how to react after a breach. Emergency plans enable the organization to react instantly to avoid further damage. The cyber security departments use the plans to conduct drills and educate the staff members on how to react.
The organization went ahead and opened four new outlets in South East Asia without informing the CISO of the company. The CISO is the overseer of the security status of the organization. A total disregard of his role in the efficiency of the company is indicative of a failed cyber security structure. Manufacturing at the new outlets is vulnerable to attacks because the CISO uses a central security function. The CEO of the company acts recklessly by disregarding the high level of risk. The board is not able to oversee the operations of the CEO. Therefore, the CISO does not have anywhere to report his concerns on the security and the going concern of the company. The sales in the company were at a record low. All the strategies employed by the CEO failed considerably. An attack on the company could have been disastrous at the time. With a decline in sales, the company could not afford another crisis. The company should come up with better security governance measures.
3. Major Ways of Communicating to Business Managers about Cybersecurity
Achievement of security is not possible without proper coordination of all units in the company. Constant communication is the best way to advance awareness and vigilance. One of the avenues of communication is organizing training sessions with different units in the organization. The design of the training sessions considers the specific roles of each of the units for relevance. Additionally, the cyber security department is also open to any queries and concerns from all the members of staff. The security team also identifies individuals to champion safety within the departments. The individuals receive specialized training and they are in constant communication with the members of the cyber security team.
4. Adequacy of Cybersecurity Metrics in the Organization
The cyber security metrics in the organization are not up to date with the requirements of a modern company. Today, most cybersecurity metrics monitor botnet infections in the organization. Additionally, an assessment of the activities of the end users is critical.
5. Examples of Breaches in Cybersecurity
The threat of a breach in the home improvement industry is real. Several companies in the industry have dealt with data breaches in the last five years. In most cases, the attackers target private customer data. The hackers then single out credit card information. The most prominent attack in the industry was on Home Depot. The attack happened in 2015. Home Depot is the dominant leader in the industry. Therefore, such an attack was unexpected. Another attack targeted Houzz early this year. The company acknowledged the attack but it did not state the extent of the breach. Kmart was a target in 2015. The attackers made numerous unauthorized transactions with customer credit cards. Log Cabins Company needs to upgrade its system as soon as possible. The company should consider the safety-first option. A proper cyber security strategy should be responsive.