All posts by Rob Sobers

Data Breach Response Times: Trends and Tips

Data Breach Response Times: Trends and Tips

Companies are under pressure to keep data safe, plus act both swiftly and transparently in the event of a data breach. Slow responses to breaches result in fines from (sometimes multiple) federal entities, loss of customer trust, time lost to the breach instead of business operations, and so much more. These breaches seem to become more public and far reaching as time goes on. One positive thing we can pull from this is the opportunity to learn and prepare our own companies for potential breaches.

We took a deep dive into response times from past data breaches and identified trends to see what went wrong, what went right, and what we can do to prepare. You can take some time to get familiar with data breach response plans before we get started or jump to the section you’d like to dive into first.


Table of Contents


What is a Data Breach Response Plan?

A data breach response plan is a strategy put in place to combat breaches after they occur to diminish their impact. A well thought out plan ensures every person in a company knows their role during a breach to discover, respond and contain it in a timely manner. These plans provide peace of mind during a crisis since the steps are already tested and laid out, as opposed to formulating a plan in the midst of a breach.

The cost of a breach goes beyond the amount of data lost or disclosed depending on the time it takes to find it. On average, companies take about 197 days to identify and 69 days to contain a breach according to IBM. This lengthy amount of time costs businesses millions of dollars. Companies that contain a breach in less than 30 days save more than $1 million in comparison to those who take longer. Companies also face major fines if they take too long to disclose the breach and put themselves at risk of lawsuits from consumers and independent agencies. The cost alone of notifying customers about a hack averages about $740,000 in the United States.

In total, a data breach costs about an average of $3.86 million. In addition to monetary loss, customer and employee trust are only two of the many non-financial factors companies have to consider in the instance of a breach.

Three Factors That Impact Data Breach Response Time

Preparation, technology and adherence to privacy laws all make a notable impact for a company’s response time. Take a look at how these different factors play a huge role for businesses.

Preparation

Preparation is a key factor in a company’s response timeliness. According to a Centrify study, stock values for companies with a high security posture recovered faster after a data breach. High “security posture” in this study is identified by companies who had the following:

  • Fully dedicated CISO
  • Adequate budget for staffing and investment in enabling security technologies
  • Strategic investment in appropriate security enabling technologies, especially enterprise-wide encryption
  • Training and awareness programs designed to reduce employee negligence
  • Regular audits and assessments of security vulnerabilities
  • A comprehensive program with policies and assessment to manage third-party risk
  • Participation in threat-sharing programs

The study further found that highly secure companies showed a quick reaction to the data breach and saw recovered stock values after only seven days. Companies with low security, on the other hand, saw a generally long-lasting decline in stock value after the breach that lasted more than 90 days. This indicates that overall planning makes the difference between a costly and minimal breach.

Having a dedicated team, for example, is a top security tactic to implement as soon as possible.  The average cost per lost or stolen record is $148. When a business has a team in place to manage breaches, the average cost savings is $14 per record and these savings make these teams extremely vital. Each member of the team should have a dedicated role in the process. It’s also important to put this team through practice drills to prepare them in the case of an emergency, and continually test the plan to identify any changes needed to improve efficiency or adjust any changes in the company.

Technology

Technology is another element that plays a big factor in a company’s response time, security automation in particular.

IBM also found that companies that fully deploy security automation have an average breach cost of $2.88 million whereas companies without automation have an estimated cost of $4.43 million. Automating different security tasks saves time and money in several ways. It quickly completes time-consuming tasks that keep security and IT personnel from other higher-level assignments. Automation also eliminates the chance of human error and increases your chances of detecting a security threat. This is why cybersecurity solutions that give you a panoramic view of your data are vital to your data breach response strategy.

data breach response times automation decreases cost of data breach

Internet of Things (IoT) devices, however, are a negative influence for response times. IBM found that the extensive use of IoT devices increased the cost of the breach by $5 per compromised record. These devices are susceptible to hacking since they are constantly connected to the internet and usually have subpar security protection. Some employees also disregard simple things like software updates to increase the security of these gadgets. This means that you should think twice about using things like office assistants in the workplace. If you choose to keep these devices, make sure you keep everything up to date and routinely change passwords.

Privacy Laws

National and statewide privacy laws are relatively new regulations that affect many aspects of a business. These regulations often have specific rules in for notification times.

The GDPR, for instance, requires companies to report data security incidents within 72 hours. Failure to abide by this can result in fines as high as €20 million or 4% of the company’s worldwide annual revenue of the previous financial year.

The NYDFS cybersecurity regulations also require a 72-hour notification in the event of a cybersecurity event, and California’s pending CCPA is also expected to have a similar requirement.

Data Breach Response Times Compared

We can learn a lot when we compare breaches against different factors. For example, looking at average times to identify and contain breaches show us the fastest-responding industries and strategies we can replicate from them. Peruse the comparisons below and see how at-risk your company is compared to others.

Average Time to Detect and Contain by Industry

The entertainment industry takes the longest to respond to data breaches while the energy industry takes the least amount of time.

It’s important to note that, although the energy industry is the fastest, businesses in this sector still take longer than 30 days on average to find a breach. This means that there is still much to be done to improve response identification across the board.

average time to detect a data breach by industry

The average time to contain a breach, on the other hand, is significantly less on average than the time it takes to identify the breach. Healthcare tops the list, taking 103 days to contain a breach while the research industry takes only 53 days.data breach response times average time to contain a breach

Identification and Containment Compared to Cost by Industry

Healthcare stands out here as one of the most costly industries to have a breach. This is likely because they have one of the longest average response times to detect a breach.

cost per capita versus days to detect a breach

On the other end of the spectrum, financial services take the least amount of time but still have a high cost per capita. This is most likely because this industry is highly regulated (like healthcare) with regulations like PCI DSS, SOX and more that result in hefty fines.

average time to contain a data breach versus cost per capita

Data Breach Response Time Trends

There’s a lot to learn from previous data breaches if we dig past the numbers. The average times and costs teach us about the mistakes to avoid and the tactics to implement to strengthen our company’s security. Here are some common trends among data breaches that can inform your team’s data breach response plan.

Companies with dedicated, trained teams and tested response plans respond faster. A dedicated team is crucial to a solid incident response plan. It clearly defines who is responsible for what and ensures that all bases are covered, ranging from public relations to cybersecurity. Defined roles also make it easier for this core group to test different plans and scenarios to prepare them for future attacks.

IoT devices increase the average cost of a data breach. IoT devices open companies up to a new world of risks and vulnerabilities since these devices are becoming more prevalent in office settings. The multiple internet touchpoints created with these devices increase the number of vulnerabilities physically and digitally present around the workplace.

Hackers can easily attack things like office assistants if proper security protocols aren’t followed, like changing the default passwords for a device and connecting it to a secure network. Once hackers are in, they can do things like abuse microphones and cameras to record sensitive conversations.

Security automation decreases the average response time. Automating mundane and time-consuming security tasks efficiently allocates your IT and security team’s time to higher-level security duties that allow them to take a deeper look into potential threats. Security automation also assists with detecting vulnerabilities that security teams may potentially miss due to human error.

It’s faster to contain a breach caused by human error versus a breach caused by malicious attacks. Malicious attacks and hackers are inherently stealthy because they don’t want to be caught. Breaches related to employee error are easier to detect since employees are often unaware of the breach and are not trying to hide it. Although it’s faster to contain this type of breach, it doesn’t make it any less important. Erroneously sending files, opening malicious emails and unknowingly downloading malware can spell disaster for any unsuspecting company, especially if that particular employee had wide-reaching access to company assets.

The faster the data breach is identified and contained, the lower the costs. Overall, data breach costs are significantly less if caught early. Hackers today are stealthy and fast, so it doesn’t take much to compromise sensitive information. The more barriers and precautions you can put in place between data and the hacker, the longer you have to find threats. Preparation and tested response plans also speed up response times to stop hackers before any more damage occurs.

Major Data Breaches and Their Response Times

High-profile breaches are great places to start when formulating a response plan, especially if a company similar to yours is breached. A common trend between many recent breaches is the lengthy amount of time it took them to detect, contain and notify customers about the breach.

Take a look at how these major companies reacted to their breaches and what things they could have done to speed up their response time.

uber data breach response time profile

Uber’s major mistake with their hack was the gap between the time of detection and time of notification. Hackers stole credentials from Uber’s GitHub account to access Uber user data stored on an Amazon server. Hackers found their way to sensitive information that affected millions of Uber users including driver’s licenses, email addresses and phone numbers.

Instead of notifying customers and authorities right away, Uber instead paid hackers $100,000 to delete the stolen data and keep quiet on the incident resulting in massive fines, heavy security requirements, monitoring from the FTC, and lots of lost trust among customers and employees.

Uber should have consulted with key personnel within the company, including members from their public relations, IT, legal and security teams, to formulate an ethical way to manage the breach and notify the public. If this plan was made prior to this breach, the company would have had a way to both quickly contain the breach and deliver news of the breach in a timely manner.

Uber’s legal and compliance personnel in particular should have had data breach notification laws top of mind at this time. Although this breach occurred prior to the GDPR’s implementation and rise of other similar privacy laws, 48 states in the United States at this time had security breach notification laws that required companies to disclose news of a hack.

Finally, Uber should have done its due diligence to assess the security risk of all services its employees use. The incident may have been avoided or at least delayed if Uber were routinely checking for suspicious activity and vulnerabilities including employee login credentials and the amount of information they allowed to be stored on third party servers.

marriott data breach response time profile

The recently uncovered Marriott breach is one of the largest breaches of consumer data to date. The hack affected millions of guests and compromised sensitive information like mailing addresses, passport numbers, Starwood Preferred Guest account information, reservation dates and more.

At the beginning of their acquisition of Starwood Hotels and Resorts, Marriott should have involved their CIO and IT teams to analyze the company from a cybersecurity perspective. Early detection could have either prevented Marriott’s acquisition of Starwood or prompted Starwood to fully contain the breach prior to the acquisition.

Starwood reported a smaller breach involving their POS systems in 2015 and although Marriott claims it was unrelated, cybersecurity experts say that a deeper investigation could have uncovered a relationship between this breach and the breach of their reservation system. This is why it’s important to have an in-depth look at potential companies during mergers and acquisitions.

Marriott should have also implemented a more comprehensive and in-depth cybersecurity solution to supplement their cybersecurity efforts. An internal security tool notified them of a threat September 8, 2018 — four years after the breach started. A stronger tool coupled with more diligent and routine security audits could have helped them find the breach sooner.

Prioritization is another thing to keep in mind when it comes to managing large quantities of data. Some data, like customer information stored in a reservation system, is more sensitive and more important to keep secure over others. Increased prioritization can include more routine audits, more dedicated time to managing the data and a larger overall portion of the cybersecurity budget put towards securing those specific data assets.

target data breach response time profile

The Target data breach in 2013 is a lesson in detection time. Target detected the breach 16 days after the breach started. Although they responded quickly, it was not quick enough to mitigate the damage already done. In that time, attackers compromised payment and contact information of 110 million people with only 11 gigabytes of data.

Target spent $202 million overall on this breach while spending close to $20 million alone on claims. The company also saw a drop in shares and profit in the following quarters and also laid off hundreds of employees following the breach.

The business could have expedited and maybe avoided the entire breach if they had more diligent and routine checks for suspicious activity. Finding the threat and eliminating any vulnerabilities early on could have saved Target a lot of time and money. Automated security tasks could have further helped their security team’s efficiency since they could have instantly found the threat or, even better, found and fixed the vulnerability itself before the hackers could exploit it.

Something else they could have done was limit file access for third-party vendors and others in the company. Since the third-party vendors had lots of access to Target’s information, the hackers only needed stolen credentials from one vendor to access Target’s sensitive information. Limiting file access to those who only absolutely need it helps reduce the risk of hackers accessing sensitive files.

One other major precaution they could have taken was to encrypt and separate cardholder data. The more barriers you can put between attackers and your sensitive information, the longer the time period you have to detect suspicious activity or the breach in progress.

How to Decrease Your Data Breach Response Time

Now we know that the quicker the response, the lower the impact. Here are a few ways you can decrease your data breach response time and save your company time and money.

how to decrease your data breach response time

It’s important to take a proactive approach to data breaches to speed up response times and mitigate as much potential damage as possible. Implementing solutions like Varonis Edge allows you to track suspicious activity around the perimeter to help you quickly identify and shut down possible threats. If you want to get a better idea of where to start, take a data risk assessment to get a clear idea of where you stand and what steps your company can take to prepare for future risks.

Sources

IBM | Centrify | Pew | Experian 1, 2 | GDPR | NBC 1, 2, 3 | ZDNet 1, 2, 3, 4 | IB Times | USA Today | Bloomberg 1, 2, 3 | The Verge | CNN 1, 2 | Tech Crunch | New York Times | Vox | Wall Street Journal | Forbes

 

Varonis Community Announces ‘Varonis Elite’ Program

Varonis Community Announces ‘Varonis Elite’ Program

In February, Varonis launched the ‘Varonis Elite’ program. An initiative that brings cybersecurity and Varonis enthusiasts together, to learn more from one another and engage with Varonis in new ways that were never possible before. Members were nominated by internal account teams based on their knowledge of Varonis and the cybersecurity industry.

We are excited to welcome the first round of members! We have an awesome group of customers and certified services partners that span from the U.S. to Thailand.

Currently, the program is global, six months long, and by invite only. Members will meet monthly as a team with product experts on different and exciting topics, given chances to blog, speak on podcasts and other functions, and be given special Community permissions. Did we mention swag? Because they’ll get that too!

If you are interested in becoming a Varonis Elite member, the next open application period is in August! Be sure to notify your account team of your interest and get involved in the Varonis Community! The more active you are, the greater the chance is for an invitation. You can help answer questions, “like” comments or questions or post conversation starters — things you want to discuss.

We look forward to seeing you in the communities!

 

Spotlighting Unstructured Data Access

Spotlighting Unstructured Data Access

At Varonis, we sometimes highlight external articles, especially when they provide independent insight into our solution. Dr. Edward G. Amoroso, former Senior Vice President and Chief Security Officer of AT&T, and now current Founder and Chief Executive Officer of TAG Cyber, recently penned an independent article on our platform after two technical sessions with our team.

“If you care about whether your sensitive data protection policies are being met – or if you just want better visibility into the location and usage patterns for your data, then you’d be wise to give the team at Varonis a call,” Amoroso writes in the article. “I suspect you’ll find – whether you are in security or IT – that their integrated approach to data access visibility will be an important part of your present and future strategy.”

Check out the entire article here. We think it provides good insight into our solution.

Americans and Privacy Concerns: Who Do We Trust?

Americans and Privacy Concerns: Who Do We Trust?

Who do Americans trust with their information?

In light of massive data breaches, Americans have doubts about the safety of their personal data. Events like the Facebook Cambridge Analytica hack that affected 87 million Facebook profiles and the Marriott data breach that exposed data of up to 500 million guests are enough to get anyone guessing who they can trust with their sensitive information.

Consumer mistrust is also prevalent when companies aren’t clear about the data they’re collecting and what they’re doing with it. The Sleep Number controversy is a perfect example of this. Consumers raised concerns after some found a section in their privacy policy that claimed it may record “audio in your room to detect snoring and similar sleep conditions.”

Sleep Number has since confirmed that it was a mistake in their policy and none of their beds have microphones or recording capabilities (the line actually refers to a product prototype that was not launched). To make matters even worse, a reported 91 percent of people tap “I agree” terms and services without reading them and a study in 2014 study found that half of online Americans didn’t know what a privacy policy was.

With massive breaches occurring every year and lengthy, hard-to-decipher privacy policies staying unread, the question at hand is, who do Americans trust the most? We surveyed 1,000 people to find out what institution they trust the most with their personal information. Read on to see the results.

More Than One Third of Americans Trust Credit Card Companies Over The Government

results which institution is most likely to protect your personal information

Specifically, more than one third of Americans trust credit card companies to protect their information more than the federal government. This is surprising, since the infamous Equifax breach in 2017 exposed data from 143 million Americans and compromised 209,000 consumer credit cards. Although Equifax is a credit bureau and not a credit card company, it poses the question: do breaches in related industries affect consumer trust?

Who Trusts Credit Card Companies the Most?

credit card trust personal information by generation

Baby Boomers (ages 55+) trust credit card companies significantly more than their Gen X (ages 35 to 54) and Millenial (ages 18 to 34) counterparts because Baby Boomers rely heavily on credit cards and generally have the most positive relationship with them (make payments on time, no debt) in relation to other generations.

Debt Comparison by Generation

debt comparison by generation

Source: Money.com

In fact, Baby Boomers use credit cards regularly and are more likely to pay their monthly payments while Gen X, on the other hand, are also heavy credit card users but are more likely to have debt. Finally, millenials are well-known for their aversion to accumulating debt and are most likely to have only one card, if at all. Their dislike for and lack of debt debt combined with the timing of the Equifax breach early into their adulthood could have been major factors in their low trust level in credit card companies.

When we look at the difference between gender, we found that men trust credit card companies to protect their personal information slightly more than women. Moreover, we found that men slightly trust all institutions (except retailers) more than women.

men trust credit card companies with their personal information more than women

Less Than One Third of Americans Trust The Government

On the other hand, less than one third of Americans said they trusted the federal government more than any other institution with their personal information. A 2015 study conducted by the Pew Research Center found that only 6 percent of adults were “very confident” that government agencies can keep their records private and secure and another 25 percent were “somewhat confident.” We found that Gen X trusted the federal government the most and that men also only slightly trust the federal government more than women.

How to Keep Your Information Safe

Regardless of who you trust, it’s important to be your own first line of defense when it comes to protecting your personal data. A few things you can do include creating strong passphrases and making an effort to read privacy policies from beginning to end to see what companies are collecting from you. You should also get familiar with data privacy regulations like the CCPA and GDPR since these are policies that protect personal data and gives consumers the opportunity to opt out of data collection. Browse through our tips below to see what other precautions you can take to protect your data.

Security and Privacy Settings

  • Read through all privacy policies to see what information companies are collecting from you.
  • Limit permissions or completely sever relationships with companies that are collecting too much information.
  • Employ unique passphrases for all of your accounts and use a password management software to securely keep track of everything.
  • Use multi-factor authentication for an extra layer of protection in addition to your password.

Email, Social and Mobile

  • Refrain from sharing personal information because you never know what people will do with that information.
  • Don’t click on links or open emails you’re unsure of. Instead, directly visit or contact the sites attempting to get in touch with you.
  • When in doubt, delete and report any suspicious friend requests and messages.
  • Don’t use public Wi-Fi when conducting data-sensitive activities like banking. Wait until you can access a secure network.

Device and Data Safety

  • Lock and password-protect your devices and sensitive files.
  • Install strong antivirus software on all of your devices including tablets and smartphones.
  • Keep all of your software and hardware updated to ensure you’re protected from malware and other potential exploits.
  • Backup and encrypt your data on the cloud and other places to protect yourself from ransomware attacks.

Like in any relationship, trust takes a long time to build and seconds to break. Clearer privacy policies, stronger encryptions and better all around cybersecurity practices are a few things companies can proactively do to build up trust in an era filled with high-profile breaches. On the other hand, Americans can take an active approach to their security by taking precautions with their data and holding companies accountable to protect their personal information. Click on the button below to download the full infographic about Americans and their privacy concerns.

click to download button

Methodology

This trust study was conducted for Varonis using Google Consumer Surveys. The sample consists of 1,000 respondents, with an average margin of error of 5.3 percent. This survey was conducted on January 11, 2019.

12 Most Disregarded Cybersecurity Tasks

Illustration of guy with red blindfold over his eyes

Used for strategic planning, process improvement and reaching customers, data is just as important as a company’s other resources like employees or inventory. You could even say, data is gold. This golden data is also in high demand for competing companies and the malicious individuals that can profit from stealing and selling trade secrets.

With the importance and abundance of data available today, the stakes of not having a comprehensive cybersecurity program in place in an organization are higher than ever.

It is important that cybersecurity be prioritized by every level of individual in an organization. The infographic below gives tips for employees at every level of an organization to follow to stay vigilant and manage risks in a data-driven, connected world.

infographic with the most disregarded cybersecurity tasks separated out by ceo manager and security professionals

We have seen that it is the CEO’s job to prioritize cybersecurity and data protection at an organizational level. Managers responsible for budget allocation must make decisions on how to allocate company funds to actively manage cybersecurity threats. Cyber professionals must be technically savvy and consider risks outside of common scans.

The list of tasks we provided highlights the importance of individuals working as a team to protect data. It’s not just one person’s job.

As new technologies emerge and more data is made available for companies, cyber criminals will have new motivations and new tools at their disposal to try to infiltrate corporate data. Organizations need to prioritize cybersecurity by investing in protection technology and resources if they are going to stay on top of the battle against the criminals. There’s too much at stake not to make these investments. Interested in more? Check out our whitepaper detailing data loss prevention and more.

Sources:
Dashlane | DARKReading | NIST | Bloomberg | Trend Micro | Gartner | Cybint | Cisco

How Major Companies Find Leaks

how major companies find leaks hero

Serious data leaks are increasingly prevalent in the news. We mostly hear about the immediate impact of those leaks and the steps taken to fix them, but how much do we actually know about how companies find and prevent these leaks?

A lot of companies require employees to sign non-disclosure agreements (NDAs) to legally hold leakers accountable, but this isn’t the most effective method to prevent leaks. Major corporations like Google and Apple also take proactive steps to protect information from leaking to competitors and others with malicious intent. These include dedicated leak teams, restricted employee access to sensitive information and much more.

We took a look at a few major companies to learn how they detect dangerous leaks and breaches.

how major companies find leaks infographic

Everyone can fall victim to malicious attacks and security breaches, from giant corporations to startups. Unfortunately, major data breaches and leaks can occur even with the simplest mistakes. Forgetting to log out of an account or unintentionally clicking on a malicious link can spell disaster and put lots of people at risk and damages trust with both customers and employees. Not to mention, a leak can also cost a great deal of money. The best thing we can do to protect everyone is to take a proactive approach with data security.

We can all learn a thing or two from these big businesses. For example, enlisting the help of white hat hackers can help your company discover hard-to-detect vulnerabilities that your current team might not be aware of yet. Frequent security checks and reporting can also bring potential or ongoing issues to light. A comprehensive cyber security platform is a vital way of making your data security efficient and effective.

You can take a look at your own business’ cybersecurity risk today to see how vulnerable you are to attacks and leaks. Knowing your risk level helps shape and form what plan of action you’ll need to take next. Having a panoramic view of your data and engaging in accurate threat modeling gets you a few steps closer to preventing any data leaks and keeping sensitive data safe.

Sources:

Gizmodo 1, 2, 3 | Bloomberg 1, 2| The Outline | The Verge 12 | Business Insider 1, 2, 3 | Small Biz Trends | Datafloq | Wall Street Journal 1, 2 | The Guardian 1, 2 | Deadline | Hackernoon | Google | CityLab | Scribd

The Likelihood of a Cyber Attack Compared

blue and red scale

While the cost of a cyber attack is often discussed, we seldom hear about just how common these attacks actually are. Numerous security experts believe that a cyber attack or breach of catastrophic proportions is no longer a matter of if, but a matter of when.

According to the World Economic Forum’s 2018 Global Risks Report, the top three risks to global stability over the next five years are natural disasters, extreme weather and cyber attacks. When it comes to preparing for the physical risks, we are quick to board up our windows and evacuate to safer locations.

Why is it that we don’t take the same precautions when it comes to protecting ourselves from cyber attacks — despite the fact that it’s one of the top three safety risks we face?

One likely reason that people don’t take the precaution of protecting their IT systems is that many believe an attack is one of those things that just won’t happen to them. So, we decided to take a look at the likelihood of other “won’t happen to me” events, to paint a clear picture of just how common a cyber breach really is.

the likelihood of a cyber attack infographinc

If the chances of a breach at 1 in 4 weren’t enough to make you think twice about your cyber security, here’s a few more stats to help put things in perspective:

  • There is an estimated cyber attack every 39 seconds
  • Since 2013, there have been 3.8 million records stolen every single day
  • The average cost of a data breach is estimated to exceed $150 million by 2020

While it can be easy to write off a cyber attack as one of those things that will never happen to you, they are one of the top three risks we face in modern day society. With 230,000 new malware samples appearing every day, being proactive with your cybersecurity is more critical now than ever.

Uncover where your biggest security risks lie with a data risk assessment — Varonis is here to help protect you from becoming another cyber attack statistic.

Sources:
Insider | Tech Republic | Fix | Security Intelligence | Weather | Nationsearch | CNBC | National Park Service | The Balance | Forbes

12 TED Talks That Will Change the Way You Look at Business Cybersecurity

cybersecurity TED talks

The cybersecurity landscape is constantly evolving. New security threats pop up daily, and threat actors can be an employee in the next cubicle or a blackhat hacker in a coffee shop in Bangkok.

Additionally, cybersecurity has real-world implications that reach far beyond the boardroom — everything from Internet-connected teddy bears to the stability of world governments is impacted by cyber. As such, it’s more important than ever that everyone in your organization is up to date on the latest security trends and information.

To this end, we put together a list of our top 12 TED Talks on cybersecurity. These discussions touch on everything from how to create a strong password to the impact hackers have on world peace. The talks inform, inspire and engage — and they might just change how you look at your organization’s cybersecurity.

Business cybersecurity TED talks

In a landscape of ever-evolving, ever-improving threats, is your business ready to face the next one? Take our risk assessment to find out.

The World’s Most Creative Data Centers: Infographic

creative data centers

Data centers are facilities used to house computer systems and associated components. They are vital to the daily operations of a network and are home to it’s most pivotal systems and equipment. Sound glamorous? Actually, it is.

As data privacy becomes more and more important, data centers need to be placed in extraordinary locations in order the ensure maximum security. This need for security, coupled with the fact that data centers are required to be as energy efficient and effective as possible, means they’re anything but boring.

From facilities with roofs made up entirely of plants, to centers located in mines 22 stories below ground, networks are becoming more and more creative with the ways they house their data.

So, where do some of the world’s most established companies house their data centers? With more than half a million data centers worldwide, there are plenty to discover. Here are some of the most interesting.

Data never sleeps and the Internet is constantly growing. In fact, there are 2.5 quintillion bytes of data created each day and more than 3.7 billion people use the Internet. These data centers are inventive responses to growing technology and the challenges it presents every day.

With the rapid growth of data, comes the increased number of data breaches. Data security is one of the largest concerns impacting the world today and networks are working hard to give us the data protection we need in order to stay safe. Assess your risk today to make sure you are playing your part and staying cyber safe.

Sources:
Data Center Knowledge: 1, 2, 3, 4, PR Newswire, AIS, InformationWeek, Switch, Cyberbunker, Wikipedia

The Top Skills of Fortune 100 CISOs

Coworkers bumping their fists

The role of CISO is constantly expanding and evolving with the growing awareness of cyber attacks. As cyber attacks increase in density and sophistication, organizations are beginning to look at security as a business priority and the role of CISO has become more critical.

Companies need to look beyond basic technical expertise and the necessary leadership skills and instead look for someone who can also understand their organization’s operations and can express IT security priorities from a business perspective. In addition to skills in IT security, it is evermore important to have a business background as well as leadership and management soft skills like teamwork and communication in order to make your way to the top.

So what does it actually take to become a leading CISO?

In an effort to shine some light on this query, we analyzed the CISOs of Fortune 100 companies. By looking at their common endorsements and educational backgrounds on LinkedIn, we were able to gauge what it takes to become one of the top leaders in cybersecurity today.

Check out our infographic below to learn more about the expertise and educational background of the world’s top cybersecurity leaders.

what it takes to become a fortune 100 CISO

Because of the increase in cyber attacks, the role of CISO is constantly evolving to fit cybersecurity business needs. By diversifying their skill sets, these top CISOs are paving the way for a better future in cybersecurity. In addition, check out the top 10 female CISOs that are leading the way for women in tech.

How to Turn Cybersecurity Jargon into a Language Everyone in Your Office Ca...

translate cybersecurity jargon

Explaining how cybersecurity affects an entire organization can be complex. The field is filled with jargon and buzzwords that can hinder understanding for those outside of IT. What’s more, everyone in an organization views cybersecurity through a different lens, depending on what their role in the company is.

In order to explain important aspects of cybersecurity and how they affect your company, you must be able to communicate without using jargon that business stakeholders may not understand.

To simplify the process, we’ve broken down how to explain 10 common cybersecurity buzzwords and why it matters for your business.

10 Common Cybersecurity Terms

Cybersecurity touches every part of an organization, and misconceptions around cybersecurity can put your company at risk. As such, it’s vital to that you’re able to effectively communicate industry buzzwords to every person in your office.

To best communicate the importance of the information you’re trying to relay, first determine the role of the person you’re talking within the organization as a whole. Then, consider what might be most important to them. Does what you’re talking about solve a pain point for them? Does it offer a solution? Communicate that.

Once you’ve looked at the situation from the lens of the person you’re speaking with, offer concrete examples and solutions, not just conceptual ones. Addressing how your proposal will affect their part of the organization in real-life terms, not just hypotheticals, will better help you convey the importance of your message.