Getting Back to Basics
The report advises that organizations of all sizes need a stronger focus on cybersecurity fundamentals in order to reduce the number of avoidable incidents. Equifax’s breach is called out as an example in the study, with the OTA stating that the incident “not only underscores the breadth of the problem and its cause (lack of basic security update actions), but highlights how rigor may be lacking even in organizations we view as expert.”
According to the report, “Preparation includes an overall culture of data stewardship through all phases of the data lifecycle — from collection, to storage, to use, to transmission, to destruction/archive.” These are the fundamental principles the OTA advises all organizations to acknowledge in their pursuit of cybersecurity readiness:
- All businesses collect some form of sensitive, valuable information
- Cyber incidents will occur
- Data stewardship, privacy, and incident readiness are everyone’s responsibility
- Data management and privacy practices need continual review
- Every organization needs to have a current, tested response plan
- Ongoing employee training is a critical key to success
The OTA also emphasizes the “economic value of readiness,” which will only become more apparent with standards like the General Data Protection Regulation (GDPR) in the mix.
For more advice and guidance, access your free copy of the OTA report here.