A perspective on Government Contracting issues from The McCormick Group.
Organizations are spending increasing amounts of time, money and energy responding to cyber-attacks. The average time to resolve a cyber-attack is 24 days and the average losses from an organization hacked is $8.9 million. Cyber Invasions are coming from foreign governments, organized crime syndicates and hacker collectives, all seeking to steal information and interrupt services.
In a Podcast by the FBI Cyber Division Focusing on Hackers & Intrusions 24/7, 365 days a year (link to article), it is stated that the costliest attacks and greatest threat to our national security are computer intrusions and network attacks. While many firms concentrate on protecting the computer network, the most concerning areas for Security officers are mobile devices like laptops, smartphones, and social media sites that carry risk as well.
Every business connected to the internet is at risk. But this couldn’t happen to your company, right? It probably already has. A large percentage of organizations don’t know yet that they’ve been breached. Many Directors and Officers view Cyber Security as an Information Technology department issue until there’s an incident and they are in damage control mode. Now the company is dealing with stolen customer data, disclosure of confidential/financial information or worse. This reactive approach is very common. The older approach to security was associated with the network and attached systems but with enterprise risk management, many communities/departments own the business processes that are at risk and with the rise of cloud computing, everyone will share responsibility for IT Services that are delivered.
Companies can decrease their risk of breaches by creating an information security strategy. One way to accomplish that is by recruiting a high level security officer who can regularly measure and review the effectiveness of the policies, procedures and understand the types of security events that have occurred. The title of the person – chief security officer, chief information security officer, or security director isn’t important but it has to incorporate more than just a technology function. This position should be part of the executive team to strategize how security affects every business decision.
As an executive/officer you should ask yourself these questions: Is your organization prepared to deal with cyber threats? Have you considered what assets may be vulnerable? How can you ensure your business is appropriately securing its operations? Organizations should embrace the mindset that cyber threats are not going away but growing as investments in new technology continue. What matters is to focus on security controls and ensuring compliance, employee awareness and next threats.
TMG’s Take is a regular e-mail advisory produced by The McCormick Group. The company’s Government Contracting group combines the expertise of our knowledgeable consultants to help government contractors fulfill all of their recruiting needs. TMG’s Take covers topics across the spectrum of the government contracting industry, including business development, proposals, contract management, cyber security, compliance, R&D, technology, and finance. Please direct all inquiries to Brian McCormick, Executive Vice President at (703) 841-1700 or bmccormi@tmg-dc.com.
