Commonwealth Sentinel

Cyber Security for local government, non-profits and small business

commonsent / April 13, 2023

A Rising Tide Raises All Ships

We’ve all heard that the more you give, the more you receive. That’s just as true in cyber security.

Think about a city in which a burglar breaks into a house. What happens if the homeowner decides not to notify the police? First, they will likely not retrieve their stolen property; but second, the burglar will likely break into another home and do the same thing.

If you were the second homeowner, wouldn’t you be upset to learn that your break-in could have been prevented had the first homeowner alerted his neighbors and the police? You might have been more cautious. If you knew that the burglar’s MO was to break in through the garage during the day, you might have double-checked your locks or been sure to set your alarm system. Or maybe the police would have had extra patrols in the neighborhood.

Now let’s look at what could happen if a company is hit with a cyber attack. Currently, some regulations require reporting only if personal data has been compromised. Even then, the reports are to people whose information was accessed, NOT law enforcement.

It’s good that people whose data is breached are notified, and maybe they have identity monitoring for the next several months or years. But this is often not public information. And, if it is, the details of the breach are not well-known.

Currently, the SEC is evaluating a requirement that publicly traded companies report significant cyber security incidents within four days of detection.

Other cyber security professionals will find the information invaluable. When CISA or MS-ISAC sends out notifications of recently discovered vulnerabilities and the fixes, it is because the information has been reported. The IT or security team can then implement the fix in order to protect their organization.

However, some companies are reluctant to report cyber breaches. They may fear regulatory fines, loss of business due to loss of faith, or loss of market share to their competitors.

A recent study by Bitdefender found that in the US, over 70% of IT/cyber security staff were told NOT to report such findings or breaches! This clearly indicates that executive leadership and boards do not adequately understand the significance of these findings and breaches, or that all companies would be safer if all of them reported.

The upcoming SEC changes, in addition to reporting within four days, include a requirement for making investors aware of whether the board members of these companies are properly handling cyber security within the companies’ risk strategy.

As cyber attacks have become commonplace and their impacts more significant, dealing with such threats has become a part of doing business. Therefore, the board must include cyber security in its planning and oversight.

The more these things are hidden, the more the perception is that cyber security is not that important.

If you move to a new neighborhood and are told that the crime rate is extremely low, you feel safe. You are less likely to use deadbolt locks, alarm systems, cameras, etc. However, if you know the true rate of crime, you will use all these security tools or possibly move to another neighborhood.

No one is immune from cyber attacks. Therefore, if we all are part of the solution, maybe we can make a difference in minimizing cyber threats. A rising tide really does raise all ships.
