- Your chance of losing money increases every day.
As the only cybersecurity firm in North America partnered with a multi-billion dollar financial services company, we have unique insight into the specific risks businesses and organizations face across the international banking ecosystem. The rise of sophisticated phishing and spear phishing techniques accounts for the majority of the increasing risk to your business’ bank account.
In the majority of cases of financial loss we have investigated, the initial breach was due to inattentiveness (someone did something they shouldn’t have and let the bad guys into the system). On a few occasions, working with international law enforcement and the financial services industry, we have been fortunate enough to recover some funds from overseas accounts, but this is the exception, not the norm.
These attacks are increasing. And once the money leaves your account, it’s gone.
- The Rise of Third Party Audits by Specialists
If you are a subcontractor or a vendor to a larger company, self-attestation that you meet the applicable cybersecurity safeguards may no longer be enough. We are seeing contract language that increasingly reserves the option of a third-party audit. This is already prominent within the financial services industry.
A related trend is that audits are expected to be conducted by specialists. As an example, our firm audits large multi-national audit and accounting firms so that they can, in turn, audit their clients. In some cases, insurance policies require companies to provide a mechanism to ensure their vendors are meeting strict cybersecurity criteria. The days of Managed Service Providers (MSPs) auditing themselves are slowly coming to an end, if for no other reason than to comply with specific insurance criteria. In other cases, government or industry-mandated compliance criteria must be validated by a third party.
Don’t be surprised if your future business contracts require a third-party validation of your cybersecurity posture.
- Cyber liability insurance is growing…fast.
Our firm works very closely with insurance carriers and international re-insurers. We also support the self-insurance industry (Captives and Risk Retention Groups). One thing they all have in common: they are focused on limiting the risk exposure of small businesses.
Small businesses are woefully unprepared for the potential losses a significant data breach can represent. And from a purely financial perspective, there is a slow but steady shift from “risk mitigation” to “risk transfer”. At a recent National Governors’ Association meeting on small business cybersecurity, we made the case that, based on our experience, small businesses are more likely to pursue insurance than technology solutions to mitigate their cybersecurity exposure.
Be forewarned, though: carriers have spent almost a decade capturing and analyzing actuarial data on small business data breaches. Cyber liability policies are maturing rapidly and will increasingly require specific technical and procedural controls to be in place before coverage is issued.
- Cybersecurity is becoming Institutional.
Cybersecurity is begrudgingly becoming an accepted cost of doing business. No longer relegated to the IT department, it is becoming more and more an integral part of corporate risk management. And who is responsible for risk management? The C-suite.
More importantly, this shift in perspective is forcing a more institutional approach to combating cyber risk exposure, namely through internal communications, training, and corporate culture.
The corporate “cybersecurity team” is evolving to include, at a minimum, general counsel, insurance representatives, public relations, crisis management, and third-party forensics specialists.
- Regulatory compliance is coming like a freight train.
Meaning it has increasing momentum and is unavoidable. The enormous amount of capital lost to cybercrime ($6 trillion annually by 2021, according to Cybersecurity Ventures) in essence represents the largest illicit transfer of wealth between nation states in recorded history. This is a big deal, and governments around the world have realized this is an issue of national security and sovereignty.
Mandatory cybersecurity compliance rules are gaining acceptance as one of the best ways to limit the loss of wealth and intellectual property across a broad range of business interests. One of the industries required to meet specific federal cybersecurity compliance criteria is US Government contractors. The United States Department of Defense last year finalized a supplement to the Defense Federal Acquisition Regulation (the DFARS 252.204-7012 clause, which requires implementation of the NIST SP 800-171 controls) mandating specific cybersecurity actions by December 31st of this year. The penalties for not meeting them could be severe. And this is just the beginning.
Regulatory compliance is becoming increasingly complex as it may also include transnational oversight. For example, our firm is working with legal offices in the United States and the European Union (EU) to help US-based businesses and organizations better comply with the EU General Data Protection Regulation (GDPR); the legal and financial ramifications of non-compliance are substantial.
Overall, we expect to see other industry groups and business interests begin to fall under mandatory cybersecurity regulatory compliance in one fashion or another. It is inevitable.
Sera-Brynn is a Global Top 10 Cybersecurity firm headquartered in Hampton Roads, Virginia. We are a team of certified compliance auditors, security engineers, computer forensics examiners, security consultants, security researchers, and trainers with in-depth expertise and decades of experience. Many of us come from the national intelligence and military information security community where we designed, protected, and countered threats to the most complex and sensitive network infrastructures in the world. We apply those skills, tactics and techniques to the benefit of our global private sector clientele.
Sera-Brynn’s clients include Fortune 500 companies, global technology enterprises, DoD contractors, state and local governments, transnational financial services institutions, large healthcare organizations, law firms, Captives and Risk Retention Groups, higher education, international joint ventures, insurance carriers and re-insurers, national-level non-profits, and mid-market retail merchants, all of whom rely on Sera-Brynn as a trusted advisor and extension of their information technology team.