Protect your company against a cyber breach!
To Ray Kelly, current vice chair of K2 Intelligence and the longest-serving police commissioner of the New York Police Department, there are four main catastrophic events that can befall a company: terrorism, conventional crime, natural disasters and political instability. And while some of these are more applicable than others in different industries and in different areas of the world, they all have one common thread.
“Virtually every one of these areas involves cyber,” Kelly said. “Cyber is interwoven into everything that we do, so if you’re hit by a terrorist attack or natural disaster, cyber is going to play a role in some way, shape or form.”
Combating growing cyber risks, Kelly explained, takes a team and a plan. To help with the first stage of the plan — awareness — Kelly will conduct a keynote speech at ALM cyberSecure titled “Security in Today’s Hyper Connected Society” on Sept. 27 in New York. The main takeaway from the speech, Kelly recently told Legaltech News, will be that “cyber has to be everyone’s concern and everyone’s problem.”
Specifically, he noted that the entire management team, ranging from a company’s CIO to its CEO, needs to be involved with a business continuity plan. This business continuity plan is a schematic of how a company can get back in operation if it falls victim to a catastrophic event, and as a necessity, it needs to include cybersecurity.
Cyber is a mystery
“[Cyber] is this mystery area, and it doesn’t seem to have a day-to-day impact in making money, of the core business of the company, so it’s relegated to someone down in the management chain,” Kelly said. “That to me is a mistake.”
It’s particularly important for the CIO to be involved in any business continuity plan, he noted, because that person would best know what technological resources are needed after a breach.
The CEO, meanwhile, is tasked with making sure cybersecurity is a priority. As Kelly has seen from working with many companies, “If it doesn’t come from the top, chances are it’s not going to be adopted or certainly not going to be interwoven.
And receiving buy-in quickly is imperative in this changing cyber landscape. Not only has each individual threat evolved and become harder to identify in a system, but as the business world has become more globalized, threats can come from anywhere. This means that local law enforcement increasingly needs to work with federal and international agents on cases; it also means that identifying hackers’ profiles is increasingly tough to do.