“No one would be interested in my data.” Nothing could be further from the truth! Announced in late March, the Department of Justice filed criminal charges and sanctions against nine Iranian hackers accused of compromising hundreds of universities, private companies, and government agencies.
It is estimated that some 320 universities, in the U.S. and abroad, have been compromised. Government agencies are also believed to have been breached. Also targeted were private sector law firms and consulting companies. The accused were focused on acquiring and selling science and engineering research information.
This incident brings further focus and attention on the growing threats and required attention for cybersecurity at all organizations. We find that there is no private, public, or nonprofit entity immune to the ever-growing and more sophisticated threats posed by cybercriminals. The amount of electronic information and communications used today only continues to grow. Our business and organizations rely on data and systems to function in nearly all aspects.
If your organization is not yet taking cybersecurity seriously, now is the time. More areas of compliance require organizations to formalize their attention on cyber risk. Financial institutions and higher education organizations have Gramm Leach Bliley Act (GLBA), healthcare has HIPAA, and companies with clients or constituents in the European Union will soon have GDPR, just to name a few.
Here are a few key areas that you should focus on:
- Annual cyber risk assessment
- User awareness training
- Processes for monitoring and detecting incidents
- Formal incident response plan
- Adequate cyber insurance
If your organization needs help with any of these areas, Dean Dorton has a team of qualified consultants ready to help. Contact Jason Miller, Director of Business & Technology Consulting, at 859.425.7626 or jmiller@ddaftech.com. Don’t wait until it is too late.