Sage Advice - Cybersecurity Blog

Becky Metivier

Recent Posts

Privacy’s Conflicting Interests

Strong cybersecurity programs tightly control financial assets, but more and more, it’s information that’s the target of various bad actors around the world. A lot of this data falls into the privacy realm and under the protection of privacy laws. As new laws like the EU’s General Data Protection Regulation (GDPR) expand these protections, they’re colliding with equally important but often-conflicting national security and crime-fighting interests, according to Lawrence Dietz, founder of DataPrivacyLaw.com.

Read More

Topics: Privacy, CyberCrime Symposium

Why CISOs Need to Care About Privacy

Why should information security officers care about privacy? That’s the loaded question Todd Fitzgerald posed to a packed audience in his opening keynote at the 2018 CyberCrime Symposium. The short answer: They have to.

Read More

Topics: Privacy, CyberCrime Symposium

Lessons from the 2018 CyberCrime Symposium

Arguments over the importance of security versus privacy will continue, but the debate’s losing steam by the second. In today’s data-driven world, cybersecurity and data privacy are interdependent, high-stake functions, and businesses and government entities must prioritize both. This mandate is transforming the CISO role, with business leaders restructuring their org charts to create new C-level partnerships, reporting structures, and seats at the big table.

Read More

Topics: CyberCrime Symposium, Privacy

Easy Tools to Help You Create Cybersecurity Checklists that Work

Documenting step-by-step processes that are easy to follow, repeatable, and transferable, is a great way to create institutional knowledge. It makes your organization more cyber mature, and therefore, more resilient. Checklists are one of the methodologies that you can use to make that happen.

Read More

Topics: Cybersecurity Culture, Risk Management

Checklists to Keep Your Cybersecurity Program on Track

It’s not unusual to encounter an organization that is using practical knowledge, a.k.a. tribal knowledge, to operate. Practical knowledge is what each individual professional knows in-practice and is able to perform, but isn't really documented anywhere. It may be about how hardware is configured, how applications are designed, or in some cases, it involves information about historical decisions. The issue with tribal knowledge is that it disappears from an organization when people move on.

Read More

Topics: Cybersecurity Culture, Risk Management

How Checklists Can Improve Your Cybersecurity Program

Checklists are a great tool for keeping us on track. Surgeon Atul Gawande argues in The Checklist Manifesto: How to Get Things Right, that the simple checklist – perhaps one of the most basic organizational tools — can improve the effectiveness of teams and individuals performing complex tasks. When his team introduced a two-minute checklist to eight hospitals as part of a research study in 2008, deaths were reduced by almost half.

Read More

Topics: Risk Management, Cybersecurity Culture

Why are Cyberattacks in the Healthcare Sector on the Rise?

Healthcare organizations are a favorite target for cybercriminals. In the first quarter of 2018, about 1.13 million patient records were compromised in 110 healthcare data breaches (Protenus Breach Barometer). That’s about one data breach per day.

Read More

Topics: Healthcare, Threat Intelligence

Understanding the Cybersecurity Threats That Put Your Business at Risk

A crucial piece of building a cyber resilient organization is taking a risk-based approach to decision making. You need to balance risk against rewards, and manage cybersecurity risk in a way that is consistent with your organization’s objectives. Having an effective Risk Management Program can ensure your organization’s resilience.

Read More

Topics: Risk Management

Medical Identity Theft: Tips for Detection, Correction, and Protection

If you’ve been the victim of identity theft, you’re not alone. In the past five years, we’ve seen healthcare data breaches grow in both size and frequency, with the largest breaches impacting as many as 80 million people. One in four US consumers had their healthcare data stolen in 2017, and 50% of breaches resulted in medical identity theft. Victims paid an average of $2,500 out-of-pocket costs per incident (Accenture).

Read More

Topics: Cyber Defense, Healthcare

Managing Vendor Cybersecurity Risk: Lessons from the Mega Breach that Started it All

Even more than five years later, the Target breach is still one of the top 10 data breaches of the 21st century. It was also a watershed moment for cybersecurity. Not only did it shine a spotlight on payment card security, it also brought to light the idea that third-party vendors are a potential cybersecurity risk that organizations need to consider.

Read More

Topics: Vendor Management, Risk Management