Cybersecurity conversations filled the halls when 400 Iowa business leaders came together for the first time in two years in early June. New breaches dominated the headlines as the Association for Business and Industry’s Taking Care of Business conference convened. In fact, throughout the gathering, Iowa’s largest community college was shut down while trying to recover from a ransomware attack.
All the breaking breach news put cybersecurity at the front of many minds. It was hard to find a conference attendee who still thought their business was too small or their data too boring to draw a hacker’s interest.
To help leaders across industry sectors understand how to ramp up their organizations’ security posture, Pratum Founder and CEO Dave Nelson joined a panel discussion on best practices for business cybersecurity. Here are key tips highlighted during the discussion.
Dave Nelson: "Get an IT risk assessment. That keeps you from spending so much money on the wrong areas that you don’t have money left for the important ones. If you don’t start with a risk assessment, you’re just throwing darts—and you don’t even know if you’re facing the dartboard."
Brian McCormac: "Map your data. Invariably, you have info you don’t know you have. Businesses are very siloed. HR doesn’t know what marketing has, and legal doesn’t know what anybody has. One company was collecting racial info in Europe, which is a big no-no. Why? They didn’t know. They just said they always have. So pursue a plan for data minimization. Have only the data you need and make it available only to those who must have it."
For help in understanding how any of these areas affects your specific situation, contact Pratum today.
In the last six months, every week seems to bring a major new cybersecurity headline. So when the Secure Iowa Conference returns in person on October 6 after a two-year, pandemic-induced hiatus, one day will barely contain all the updates.
At the event tailored for Iowa’s security, privacy and audit professionals, keynote and breakout speakers will cover:
Pratum has helped organize and sponsor Iowa’s largest information security conference since its inception. Pratum Founder and CEO Dave Nelson helped start the Secure Iowa Conference in 2012 when he served as president of the ISSA Des Moines Chapter. So as the conference reached 400 attendees and outgrew the management capacity of ISSA Des Moines’ volunteer board, Pratum was the obvious choice to purchase the event in 2021.
"Pratum is the right team to take the conference to the next level. The company has had a lead role in sponsoring and operating the conference since its beginning. As Pratum fully takes the reins on the conference, our board can focus on creating additional educational opportunities for members."
Kevin Seuferer, President, ISSA Board of Directors
ISSA will remain involved in the Secure Iowa Conference by:
Return attendees should note the new location for Secure Iowa: Hy-Vee’s Ron Pearson Center in West Des Moines. After several years in Ankeny, the event moves to the Pearson Center to take advantage of spaces built to handle keynotes, breakouts and exhibits. The 5-year-old venue also provides cutting-edge lighting and presentation systems fitting for the tech-focused conference.
Does ransomware seem like it’s your problem yet? We have the tips to help you fight ransomware—but first you have to decide you’re ready to take some action.
Did ransomware get your attention when you heard about East Coast gas stations running dry after an attack led the Colonial Pipeline to shut down? How about when eager lawyers filed a class action lawsuit against Colonial, alleging that its inadequate cybersecurity measures harmed consumers?
Did ransomware send a shudder through your grocery budget when an attack shut down nine beef-packing plants at JBS, the world’s largest meat processing company?
Did it grab your interest when the average ransom payment more than doubled to $312,000 in 2020?
The message seems to be sinking in that it’s time to get serious with a plan to fight ransomware. A month after the Colonial Pipeline breach, 2/3 of organizations reported that they intend to take action to harden their defenses.
The U.S. government is also stepping up its response. President Biden issued an executive order in May aimed at, among other actions, strengthening software security in federal agencies and creating a federal board to investigate major breaches. The administration says it intends to shift the focus from incident response to incident prevention.
Dozens of states are working on new regulations to step up cybersecurity across several industries.
Biden will surely address Russia’s hacker-friendly climate when he meets with Russian President Putin in mid-June, as the JBS attack (like the Colonial Pipeline attack and multiple others) was almost immediately attributed to a criminal organization in Russia. But if you’re pinning your organization’s safety on the hope that Russia will crack down on hackers, you may also have a tendency to think vampires make excellent stewards of blood banks.
The fact is that the government can’t keep up. Hacking operations are well-run businesses employing some of the world’s best coders. They shift tactics constantly and engage in flexes like quoting your own cybersecurity policy back to you if you claim that you can’t afford the ransom they demand.
The creaky engines of legislation and even executive action can’t pivot as fast as the bad guys. And the vast web of overlapping and disconnected entities in state and federal government leaves gaping holes in cybersecurity efforts.
So, while new regulations may put a dent in the ransomware wave, protecting our organizations relies on each of us leaders taking decisive action specific to our situations. If all the ransomware headlines have provided the wake-up call you need, here’s what you can start doing.