Cyberattacks are big, growing and constantly changing threats to businesses. Successful strikes can be devastating to a company’s finances, image and survival.
Effectively reducing the risk of cyberattacks requires a significant cultural shift within organizations, says Eric Pulse, director of risk advisory services and a principal with Eide Bailly, a prominent consulting and CPA firm in Sioux Falls.
Companies must recognize the seriousness of cyber risks and develop a strong protection plan, Pulse says. Cybersecurity strategy can’t just be left to the technology staffers, either, he says.
“Security doesn’t start at the IT Department. It has to be a cultural part of the organization. It has to be part of the organization’s life that starts with the Board on down,” Pulse says.
Pulse is among the regional and national experts on business operations and cybersecurity practices who will bring their perspectives and advice to a training seminar to be held in Sioux Falls. Sessions for the NIST Cyber Framework Training seminar are scheduled to begin at 1 p.m. Tuesday, May 3 and end at 12:15 p.m. Wednesday, May 4.
NIST Cyber Framework Training
Date: May 3 - 4, 2016
Location: Holiday Inn City Centre
(REGISTRATION IS CLOSED)
NIST is short for the National Institute of Standards and Technology. The federal agency recently led the development of up-to-date national standards, guidelines and practices. Its goal is to help businesses and other institutions improve their cybersecurity risk management and help protect the nation’s critical infrastructure.
The upcoming training seminar is a significant opportunity for businesses throughout the Upper Midwest. SDN Communications is hosting the training in partnership with the South Dakota Telecommunications Association in Pierre and Dakota State University in Madison.
Pulse is scheduled to speak on a panel that will discuss “Changing Landscapes: Legal, Regulatory and Industry Expectations.” He often works with company boards and c-suite executives and is beginning to see a shift in corporate attitudes about cybersecurity.
“The positive thing is it’s becoming more of an emphasis at the board level,” he says.
When a company’s board becomes concerned about cybersecurity, it’s also going to get the attention of the chief executive officer and other top executives, and likely work its way through the entire organization. Including the entire organization in security planning is a necessity because employees – not software or hardware – are typically the weakest link in a company’s cyber defense.
High-tech tools, such as good firewalls, can protect a company’s network. But the best equipment in the world can’t stop a poorly trained employee from unthinkingly introducing malware into a company’s system by, for example, clicking an infected link or by giving out sensitive information over the phone.
“You can spend millions of dollars creating the Maserati of security. But if there’s a weak link, that’s it. You’re just the prettiest horse in the glue factory,” Pulse says.
Once businesses recognize the importance of cybersecurity to their overall culture, Pulse encourages them to build out a strategy using the NIST framework as a starting point. NIST guidelines take a common-sense and best-practices approach. They also have the flexibility to adapt to specific industries.
The NIST framework ties together suggestions from industry, government and academia to create a process for industries such as financial services, electric utilities and telecommunications to follow in developing their own strategies.
Pulse commends SDN and other event hosts for making NIST framework training available to companies and organizations throughout the region. Cybersecurity training is something that businesses cannot afford to neglect, he says, because problems are rampant and only going to get worse.