Managing Cybersecurity is More Than Just Good Hardware and Software

Dateline: January 20, 2017

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

Continuing with our focus on cybersecurity, today’s thought comes from a recent Sloan Management Review article interviewing Professor Stuart Madnick, director of MIT’s Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC)³. Professor Madnick suggests that the people issues (the managerial, organizational and strategic aspects of cybersecurity) are the most important parts to manage.

If you don’t address the managerial, organizational, and strategic aspects of cybersecurity, you’re missing the most important parts. A lot of people are working on developing better hardware and software, and that’s good. That’s important. But that’s only a piece of the puzzle.

Estimates are that between 50% and 80% of all cyberattacks are aided or abetted by insiders, usually unintentionally — typically through some kind of “phishing” expedition [involving emails containing a link or attachment to click on]. Untargeted mass phishing emails have an open rate of 1% to 3%. But highly targeted “spear phishing” is much more effective, with an open rate of about 70%. With spear phishing, you’d get an email that appeared to come from a high-ranking executive at your company, that referred to you personally and that asked you to take some specific action consistent with your job, such as authorizing a new employee or transferring funds to a new vendor.

How does your cybersecurity plan address the people issues?

That’s a WRAP!  Have a great weekend!
