Managing Cybersecurity Risks

Ron Bush
President, Ron Bush Consulting, Inc.
background image

“There are only two types of companies in America: those that have been hacked and those that will be hacked.” -- Former FBI Director Robert Mueller

Risk management has always been a tough, complex job. Any organization, no matter how tightly managed, can be compromised in many ways. Reputational issues can create a lack of faith that affects revenue for any business. Geopolitical issues such as tariffs or compliance with government regulations like Health Insurance Portability and Accountability Act (HIPAA) or Sarbanes-Oxley (SOX) can cause numerous interruptions to business and negatively impact the bottom line.

But I think the greatest risk businesses are facing today is the risk of cybercrime attacks. The reasons being these criminals can attack us through so many sources, for so many reasons, and be so devastating. Just ask Atlanta and Baltimore or check out the list of health care providers who have been breached. (List available here: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf).

Any organization that connects to the internet in any way is at risk. Regardless of industry or government, number of employees, or annual revenue, when a breach happens it is often devastating.

Cybercriminals attack in many ways:

1) Ransomware: Blocks access to your network until a “ransom” is paid

2) Distributed Denial of Service: Attacks your computer system by flooding it with information sent from many individual computers

3) Data Theft: Illegally obtains private and sensitive information, including passwords and financial information

4) Unlawful use of your equipment: Uses your computer network illegally or for illegal means

5) Attack on your reputation: Actively and deliberately uses information to cause damage to a person or organization’s reputation

6) Selling Data: Initial hacker brings other hackers into your domain, selling credentials as well as ALL of your data

This is not an exhaustive list. These and other threats to cybersecurity mean that companies should consider:

  • How to safely use websites for marketing, when websites are portals that may also provide cybercriminals and social engineers with more tools. Many spear phishing scams are constructed just using website information. In the age of information, all information is useful to the right person. The cybercriminal who is networked knows who to sell what to.
  • How much of the budget can be reserved for cybersecurity products and services plus employee training for a potential breach.
  • How to put a plan in place for damage control in the event of a cybersecurity breach.

Cybercrime is a trillion-dollar industry. As it grows, so does the need for cybersecurity. Cybercriminals are always working to steal information, so it’s important for risk managers to learn to keep it safe. As a consultant in cybersecurity, I provide audits and risk assessments so that organizations can stay aware and ahead of the risks.

By: Ron Bush
President, Ron Bush Consulting, Inc.

Ron Bush is an accomplished Senior Executive and Consultant with 14 years of success within the information security industry across a range of sectors including healthcare, financial services, education, manufacturing, retail and local government. Leveraging extensive experience guiding clients on how to best secure their data, he is a valuable asset for organizations working on information security issues. His broad areas of expertise include IT security, social engineering protection , security and data breach risk assessments, information security policy and procedures, identity protection, and data storage.

Ron hold s degrees in Human Resources Management and Education. He is author of Staying Safe in a Ve1y Dangerous World: Think Before You Click, and hosts a weekly radio show, The Information Playground on WVLP out of Valparaiso, Indiana, which is also available on iTunes Podcast. He has been an adjunct professor at two Indiana universities and writes for various publications. He regularly speaks on information security at national and international events.

Sign Up for Our Education Newsletter

You Might Also Be Interested In