Over the last several weeks we have witnessed the story of a Bank that thought compliance was enough to keep its customers’ information and the Bank’s reputation secure. However, they quickly realized that one breach can change everything and cause them to question their strategy regarding cybersecurity. We step back onto the scene as the ISO, Walter, learns what he could have done differently to prevent the recent cyber attack.
We fade in to see a large conference room, nearly empty and eerily quiet. At the end of the table we see a defeated Walter reading over the notes from the previous meetings with his new cyber security team, colleagues, and superiors regarding the recent cyber attack on the Bank. He is now trying to figure out why he didn’t believe these things before. “Why didn’t I realize that compliance wasn’t enough?” he asks himself. “How did I think that a vulnerability scan was going to cover all of our bases when it comes to IT security?” he grumbles, as he continues to work through the pieces in his mind. His IT Director enters the room and the two men continue to discuss how they are going to recover and, more importantly, prevent something like this from ever happening again.
Later in the day we watch a conversation between Walter and Saul Goodman, the leader of the cybersecurity team. “I have no idea why we didn’t see it before. We’ve been told a vulnerability scan wasn’t sufficient but just didn’t believe that what the IT firm was providing was just that and nothing more,” Walter explained. Saul replied, “Don’t be too hard on yourself, you’re not alone. Most companies don’t realize how important it is that a true penetration test is performed regularly and that the results are communicated clearly to those governing the IT environment.” He then continued to talk Walter through some of the most important things he could do to protect his environment and ensure the security of the Bank’s information and reputation.
Saul talked about several main areas of cyber security:
- Vendor management – Saul explained that it is critical for any company, but especially a Bank, to make sure they know the security posture of their third-party service providers. These providers range from the banking software to HVAC systems; the provider’s security becomes your security when you sign a contract so it is imperative that you are sure they are secure.
- Vulnerability control – Those penetration tests produce more than a pretty report. They should tell you exactly what you need to do to manage the vulnerabilities that exist in your Bank. Take advantage of them and the professionals who wrote them by asking good questions and understanding what next steps you should take. If your cybersecurity team can’t do this, you should probably consider changing consultants.
- Vocalize concerns to enterprise management – Enterprise-wide compliance is very important to the C-suite, but they often forget that cybersecurity must take center stage in today’s environment. Saul explained to Walter that it is his job as the ISO to make sure they are aware of concerns within the IT environment and understand what needs to be done to recover from and prevent future attacks.
Obviously, these are just the highlights of the conversation, as cybersecurity topics are constantly growing. You sit back and relax as the conversation continues because you are now comforted by the fact that there are practical ways to improve. You’ve seen where the issues are and how you can take this information back to your company. You listen intently as Walter asks very detailed questions about what vendor management and vulnerability control look like and Saul walks him through his next steps. Over the last 15 minutes of this action-packed series you see a new resolve in Walter’s demeanor as he is no longer defeated by what happened but has chosen to learn from it and move forward. You watch him meet with his team and take note as they collaborate to find the best course of action for the Bank moving forward.
The upbeat music begins to play as the ending montage rolls across the screen. Walter documents his new plan and takes it to the Bank’s Executive leadership and they finally see how important cybersecurity is for the company. They ask questions that Walter has been trained to answer and together they create a solution and plan for the future as one cohesive team. Then, in a fashion you recognize from The Breakfast Club, Saul Goodman walks out of the Bank, fist in the air, ready to conquer the next cyber security challenge and help more companies prepare to handle today’s cyber environment.
End Episode Three.
. . . the screen has faded and you realize how deeply you’ve resonated with this action-packed story. You are suddenly excited to get back to your own IT environment and explore the possibilities of going beyond compliance to establish an environment of real cyber security. I hope that this series has given you some practical suggestions and advice on how to improve your cybersecurity posture. Don’t forget that having a good team working alongside you is critical.