Mar 2, 2022

Assessing your Cybersecurity — The Why and The How

Sponsored Content provided by Rob Duggan - Director of Technology Risk Advisory Services, Earney & Company

The North Carolina Department of Justice has recently released its 2021 Data Breach Report — and the report’s findings should serve as a wake-up call to organizations of all sizes.  
The findings include:

  • 2021 was the 12th consecutive record-breaking year for information breaches reported to NCDOJ.
  • 2,009 breach notifications to NCDOJ represent a 22 percent increase over 2020.
  • In 2021, more than 2.4 million North Carolinians were affected by data breaches.
  • Ransomware breaches accounted for a record 30 percent of all breaches in 2021.
  • Phishing and hacking attacks, the leading causes of ransomware breaches, accounted for nearly 90 percent of all data breach reports in 2021.

As one looks at the data, it is important to remember that reported breaches are likely a fraction of actual occurrences.  Most of us know of at least one person or even several who have lost a lot of work and incurred significant expenses due to ransomware.   

Many breaches may go unreported because of concerns over liability, reputation, fines, and breach remediation/legal costs (ultimately resulting in increased civil and criminal liability). It is the trend that should be most concerning to us. North Carolina organizations should be taking action to assess cyber and information security risk now.

Here are questions to ask as you consider your options:

1. How recently have you had an independent cybersecurity assessment by someone qualified?  
The cyber-world has changed significantly in the last few years. What was good enough then isn’t anymore. Take anti-virus, for example: modern anti-malware and endpoint solutions that are effective now still update for known signatures, but they also monitor machine/user behavior and incorporate machine learning or AI to pore through the data collected and prescribe corrective actions that can be reported back to your IT security team. These solutions are now obtainable at a reasonable cost and are important for all trusted organizations. The security tools that count as minimum accepted practice today are very different from what they were two or three years ago.
 
Organizations need to obtain a current, qualified, independent lens on cybersecurity. This is important whether there is an in-house IT function or if your IT is supported by a locally managed service provider (perhaps even more important in that case). An assessment can be a simple 16-20 point evaluation and verification of cyber controls for small businesses, or a comprehensive framework-based assessment using the NIST Cybersecurity Framework to evaluate the total health of your information and cybersecurity function.
 
2.  Are your computing assets and applications being maintained and receiving critical updates?  Just recently the Department of Homeland Security issued guidance on the Log4j vulnerability. How has your IT team or managed service provider responded? 

A vulnerability scan by an independent provider can help your organization by revealing the current number of high- and critical-risk updates needed in your security stack and across your network. This number reflects the health and effectiveness of the security update and application update processes used by your IT provider. Processes and monitoring routines over these critical security functions and automated updates can be improved so you can rest easier.
 
3.  How confident are you in your organization’s resilience in the event of a ransomware attack?  
Incremental backups offered by many online / hosted application providers are not enough. Secured, archival instances of full backups are needed so you can roll back to a point in time. Your backup regime should be evaluated and tested periodically to ensure it is effective and that your data is secure.
 
4.  Have you examined your IT vendor and data hosting vendor contracts to ensure acceptable controls are in place over your client/patient/customer/employee information?   

An independent review of these contracts and support level agreements, followed by any necessary corrections, can help you avoid exposure in the event of a vendor breach.
 
5.  Do you have a cyber insurance policy in place?  
While you are getting your independent cyber assessment, it is a good idea to evaluate the cyber controls in place against those certified on the original cyber insurance application questionnaire; otherwise, the policy could be worthless in a crisis.

Earney & Company Technology Risk Advisory is local and now includes 7 certified information security professionals and experienced security engineers.  We are here to help in a range of industries: Healthcare, Physician & Dental Practices * Manufacturing and Distribution * Professional Service Firms * Not-for-Profits * Education * Real Estate * Hospitality
 
 
 
 
 
 
 
 
 
 
