CYBERSECURITY: FIVE KEY QUESTIONS THE CEO MUST ASK

1. CYBERSECURITY: FIVE KEY QUESTIONS THE CEO MUST ASK My research into the world's largest breaches shows that if a company could detect signals early in the attack, lateral movement, or command and control phases, they could stop the breach and prevent loss or damage. My book shows how to detect signals in time using the seven-step early detection method. One of the key steps in this method is to match the relevant signals to the crown jewels (important data, IP or other assets). This is a great use case for machine learning and artificial intelligence. There is a lot of noise, so machine learning and artificial intelligence can help eliminate false positives and detect malicious signals in a timely manner to stop a hack. Starting in 2019, there are two blind spots that virtually every company around the world faces, which cyber attacks will exploit, and which companies must overcome. One blind spot is the cloud. There is a false sense of comfort and lack of focus on detection when people think the cloud is safer because of the cloud provider's cybersecurity or because the cloud provider has a monitoring system in place. However, if a company fails to identify all Crown Jewels and match all relevant cyber attacker signals for monitoring, attackers will infiltrate, go unnoticed, and steal data or otherwise harm the cloud. Another blind spot is the Internet of Things (IoT). IoT devices (like smart TVs, webcams, routers, sensors, etc.) With the advent of 5G, they will be widespread in companies around the world. While IoT devices provide many benefits, they are a weak link in the chain due to poor built-in security and lack of monitoring. Cyber attackers will focus on IoT devices in order to infiltrate and then turn to reach the Crown Jewels. Detecting early signals of cyber attackers trying to exploit IoT devices will be critical. Companies around the world need to prioritize cybersecurity, starting with board meetings and with the CEO. It all starts at the top. My in-depth reviews of the largest breaches in the world reveal in each case a common theme: inadequate or absent oversight of cybersecurity by the CEO and the board of directors. Here are five key questions from my book that the CEO needs to take the lead and, along with the board of directors, ask management so that the company doesn't become the next victim of cyberattacks and suffer significant financial and reputational damage: Have we identified all the jewels of our crown and have we not missed them? Do we know where all the crown jewels are? Have we identified all the ways cyberattacks can reach the Crown Jewels?

2. Have we matched a map with a high likelihood of cyberattack signals trying to reach the Crown Jewels with each Crown Jewel? Are we sifting through all the noise to detect signals in a timely manner and report it to the CEO and board of directors in a dashboard report for timely monitoring? If your answer is no to any of the questions, or you are unsure, you have a gap or blind spot and are at risk, and you must take action to get a high confidence answer of yes. In my book, Next Level Cybersecurity, I offer other key questions to ask and a seven-step practical method to take cybersecurity to the next level and stay one step ahead of attackers. It is written in simple language for boards of directors, executives, and managers, so everyone can access one page and together mitigate one of the most significant and disruptive risks a company faces today - cybersecurity.