The Threat of Noncompliance, Not Only a Data Risk But a Financial One

By Eric Noonan • February 24, 2015

News broke recently that the an investment advisory firm agreed to pay $75,000 to settle U.S. Securities and Exchange Commission charges, that it failed to have a cybersecurity policy in place before a breach compromised 100,000 individuals’ personal information. This is the latest example of regulatory and compliance enforcement by a federal agency and companies of all sizes should be paying attention. While the amount of the settlement isn’t headline grabbing, the actual enforcement of standards of care relative to cybersecurity is.

Regulatory compliance isn’t nearly as appealing as stories about large data breaches or Chinese hackers, but it generally highlights the kinds of fundamental blocking and tackling activities that lay the foundation for better security. Buying tools is easy, creating and implementing the policies and processes that will measure their effectiveness and ensure full deployment and optimization is not. Policy doesn’t stop attacks but it does force an organization to be thoughtful about what they will do and what they won’t do against the reality of their appetite for risk and more importantly their budget.

I recently had dinner with an accomplished CISO leading a multi-national corporation who bemoaned the focus on tool purchases and tactical day to day threats. As a former military officer he inherently knew preparing a concept of operations for the mission is the first step in organizing for victory. This means focusing on the “boring” things like strategy, capability, process, and logistics so that you optimize your chances for winning the war.

It’s hard to put a focus on policy and process when you’re trying to run a business but this latest action by the SEC highlights the importance and cost of doing nothing.  CyberSheath can provide your organization with an integrated view of all information security activities that enable you to reduce risk, demonstrate business value, and optimize your people, processes, and technology.  Our certified consultants are experts in Compliance and can arm your organization with information and guidance needed to avoid an unnecessary lawsuit, as described above.

How Can CyberSheath Help Your Organization?

To learn more, visit our Governance, Risk and Compliance service area where you can download a datasheet detailing our unique GRC approach.  CyberSheath will also be attending the RSA Charge Conference Oct 21-23, where industry experts will be meeting to discuss the strategies and tools that will armor your organization for the security battle you fight every day. CyberSheath is a proud Gold Sponsor for this event, for more details on how CyberSheath will be contributing click here.

CyberSheath Blog

How to Safeguard Your Company from Phishing

Email is so ubiquitous in our everyday lives that it can be a challenge to always be on guard when receiving messages. Each day it’s not unheard of for each member of your team to have hundreds of messages land in their inbox. How do you make sure that none…

3 Tools to Help Defend Your IT Infrastructure from Threats

With the continually evolving threat landscape and the prevalence of team members working from home, it is more important than ever to be proactive with how your company is protecting itself from cyberattacks.  CyberSheath can help. We offer services to build on all the great work you have already done…

DNS Filtering for Additional Protection of IT Systems

Phase one of securing your IT infrastructure should include protecting your endpoints and safeguarding your employees from phishing attempts. After you have implemented these controls, the next logical step is to launch a DNS filtering solution.   What is DNS filtering and why do you need it? Domain name server…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO