Discussions by Domain: Risk Management & Incident Response
“Our ability to collaborate will lead to everyone’s success” – James Mottola
James Mottola is the Vice President of Data Privacy, Investigations and Security for Porzio Compliance Services. James leverages his experience and expertise to counsel and advise clients on matters of information security, security, data protection, compliance, privacy and incident response planning. He works with organizations to reduce the likelihood and financial impact of the theft of data and cyber-crime. He holds various certifications in physical and information security, and a Master of Science in Management, with a focus on Organizational Change.
James works with emerging businesses, educational institutions and organizations to provide a strategic perspective on a wide range of security matters. He advises clients in the areas of risk identification and mitigation to help them prepare for, respond to and recover from cyber-related events, to reduce the likelihood and impact of financial fraud and to increase organizational resilience.
James developed his unique skill set during his years as a Special Agent in the New York, Phoenix and Frankfurt, Germany offices, culminating in his role as the Special Agent in Charge of the Newark Field Office in New Jersey. He holds a Certified Protection Professional (CPP) certification from ASIS, a Certified Information Security Manager (CISM) certification offered by ISACA, and a Masters of Management with a specialization in Organizational Change.
“Americans are digitally naked.” – Ondrej Krehel, Founder and CEO of Lifars
Every day hackers wake up with the job to steal your information. Every day you wake up as a business owner with the job to deliver your product or service as best as you can for your customers. You are at an immediate disadvantage.
These criminals want the digital assets that show your intellectual property or proprietary business processes and how you make money. They will use any other data that they get first to eventually get to that. That’s why your digital assets should be highly prized. A cyber-attack has a lot more consequences for the business than just releasing someone’s Social Security number.
Teams need to take a holistic approach to physical & digital security by looking at the full picture.
Here are 6 Cybersecurity Challenges to consider in your business.
1. Your digital assets are your currency. They are the lifeblood of every business process. Once you and your employees understand that, data privacy & cybersecurity will get the proper attention they deserve in your organization.
2. This is an ever-changing landscape of risk. Businesses are outmatched and need help.
3. Value a proactive approach to investing in information technology. It’s always cheaper to upgrade your information technology than it is to remediate the costs of incidents.
Ask yourself what it would cost to be out of business for a day and then multiply that for a week or 10 days. That’s when the dollars start to really add up and business owners understand.
4. Security is an ever-evolving process. Every step you take and everything you do is going to make you better, but it won’t happen overnight, nor is it a set-it-and-forget-it policy.
5. As a business owner or executive, you can’t be great at everything. Pick and choose your battles and focus on what you are great at. Let others take care of the stuff you’re not good at – like cybersecurity.
6. Create a culture of security awareness in your organization.
James walked us through the typical process of cyber incidents to which he has responded.
2. Soon after, rational business decision-making based on what you know and your experience goes out the window.
3. A ransomware attack immediately reveals the weaknesses in your technology environment. It tests your backups and your information technology providers, both internal and external. You may even find that there are things that were supposed to be done that were not, like proper backups.
4. Next step, you try to figure out if you have cyber liability insurance or not, and what is actually covered under that policy, especially as an attack usually shuts down operations, resulting in a revenue loss and remediation is costly. Most of the time, insurance policies are not in place and you do not have another way to operate your business. That’s when things start to resemble the TV show, Naked & Afraid.
5. At this point, hopefully you have in place a decision tree of experts that can help walk you through a methodical process on how to handle the situation. The goal is for those experts to direct you to a point where you can make a business decision about what to do next. Unfortunately, many times this group of trusted advisors is not in place and it becomes a very stressful time for everyone involved.
Finally, yet importantly, here’s a common mistake everyone makes when the Secret Service shows up at the door because it has found out that your business has been breached. The Secret Service only acts as investigators. They do not remediate. This is the reason why business owners need to bring in experts to mitigate the risks after an incident. And that’s where Porzio Compliance Services comes in.
“Have the appropriate team to combat a ransomware event.” – Brian Burke. Read more about what Brian Burke of The Cypsis Group has to say about defending against ransomware attacks.
“The fluidity of your strategy has to be all-encompassing.” – Christian Amato
“Today’s internet solutions need to be built for network diversity, resiliency, and performance.” – Victor Cardona. See what else Comcast’s Victor Cardona had to offer on this week’s Discussions by Domain podcast.