CorporateGovernor
Unprepared organizations pay
more for cyberattacks
Providing vision and advice for management, boards of directors and audit committees Winter 2015
Skip Westfall, Managing Director, Forensic and Valuation Services
For those of you with your head in the sand, trying
to avoid thinking about cybersecurity, it will cost
you — literally. In 2013, 43% of organizations
experienced a data breach, each costing an average of
$5.9 million or $145 per record of information. [1]
Of those breached companies, 62% lacked an
incident management plan; those with a plan in place
reduced the cost per record by $12.77.
You can’t afford to sit around and hope a cyberattack
won’t happen. The best thing you can do is be
proactive. Come up with a plan and ask yourself:
What can we do to prepare our company?
[1] Ponemon Institute. 2014 Cost of Data Breach Study, May 5, 2014. See ibm.com/services/costofbreach for details.
4 ways to prepare for a breach
Lay the foundation for your cybersecurity defense
with these four steps:
1.	 Data mapping and classification. Before you
come up with a plan to protect your data, you
need to know what you are protecting. That’s
where data mapping comes in. It’s the digital
equivalent of going through your home and
inventorying your valuables for insurance
purposes. Data mapping can help you answer
important questions like: “What are the crown
jewels of our business?” “Is IP important?” “Are
we an information-gathering or data-hosting
firm?” You need to know what your assets are —
as well as their value — in order to protect them.
2.	 Conduct a vendor assessment. You need to
account for data held by business partners,
vendors and other third parties — not just the
data stored within your organization. Are they
protecting data with the same fervor you are? To
find out, it’s critical to conduct an assessment of
your partners’ cybersecurity measures and assess
your vendors’ management processes. You’ll need
to determine how these organizations will protect
your data, either through contractual agreements,
assessments or audits. Depending on the size of
your organization, your vendor management
group may be able to handle this, or it might
require a combined effort, with your accounting
group and IT security staff working together to
look at vendors.
3.	 Create a risk profile. There’s no way to know
exactly how vulnerable your systems are without
having someone try to hack them. Hire an outside
firm to conduct a vulnerability assessment and
penetration test (i.e., ethical hacking). Form a risk
profile based on its report and identify the biggest
weaknesses in your systems. The information will
help you decide where to allocate your resources
and what areas to prioritize.
4.	 Create an incident response (IR) team and
develop a plan of action. While cybersecurity may
seem like a specialized issue, it has a much broader
impact than your run-of-the-mill IT matter. As
such, you’ll want to have a defined IR team at
your disposal to help tackle any potential breaches.
Some organizations appoint a chief information
security officer to oversee cybersecurity efforts
and report to the internal audit leader or CFO.
The creation of such a position can decrease the
cost per record of information by $6.59. [2] The
rest of the team should include representatives
from all data custodians, such as HR, marketing,
accounting and R&D, as well as the security officer
and IT director. In some cases, you’ll also want to
include any vendors or partners that have access to
your data, as well as members of your PR team, a
federal law enforcement official, and a specialized
consultant who can help you in case of a breach.
With your team activated, you can create an
IR plan to outline your responses to various
scenarios, establish a base of operations and name
a single point of contact. Your risk profile and
IR plan should be living documents. Ideally, you
should conduct a vulnerability assessment and
penetration test every six months, updating the
risk profile and informing the IR team of the
results so they are aware of the evolving strategy.
If you do things right and have a team and plan in
place, you can counter a cybersecurity issue and
restore faith in your brand in less than a day.
Even after these steps have been taken, your work is
not done. Your organization must maintain constant
vigilance and be proactive. The IR team should meet
with stakeholders and update its risk profile regularly
— at least once a quarter — and as the organization
evolves, so should its risk profile.
[2] Ibid.
What to do if you experience a breach
Planning and risk mitigation are important, but they
cannot guarantee protection from an attack. If you
experience a breach, the first thing to do is notify
outside counsel, who will direct your team as they
start executing your IR plan. Bring all the stakeholders
to the table and keep any relevant parties apprised of
your team’s findings.
Your IT services adviser should act quickly to
assess and report on the extent of the breach, ideally
within 12–18 hours. Your adviser will then perform
data analytics on server logs, routers and network
operations devices to understand anomalies and
determine where the breach originated. They will
address whether the breach was internal or external,
or possibly even employee-assisted. Perhaps your
systems were never actually breached, but hackers
were able to get in through a third-party channel.
The adviser will collect email from servers, as well as
review unstructured data to determine whether your
organization did what it could to prevent the breach.
Finally, upon completing the investigation, the adviser
should work with your IR team to preserve your
data for remediation purposes, patch holes or remove
malware, and get your organization back online to
avoid operation delays.
After the initial crisis, your adviser will work with the
in-house IT team to replace any corrupt systems and
implement projects to address security weaknesses.
You may need litigation support, project management
and PR services. Long term, you’ll likely work with
IT analysts, industry experts and other specialists to
assess processes and make any necessary changes to
the IR plan.
Plan now, thank yourself later
Ignoring cybersecurity issues will cost you. Ask
yourself what you can do to bolster your internal
defenses, and then take steps to establish an IR plan.
The immediate benefit will be the peace of mind
you’ll get from your actions. Should you experience a
breach, the money and brand reputation you will save
will be invaluable. So don’t be sorry, be prepared.
Contacts
Skip Westfall
Managing Director
Forensic and Valuation Services
T +1 832 476 5000
E skip.westfall@us.gt.com
Brad Preber
National Managing Partner
Forensic and Valuation Services
T +1 602 474 3440
E brad.preber@us.gt.com
Editor
Evangeline Umali Hannum
E evangeline.umalihannum@us.gt.com
About the newsletter
CorporateGovernor is published by Grant Thornton LLP. The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the
highest-quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of
the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton International Ltd and its member firms are not a worldwide partnership,
as each member firm is a separate and distinct legal entity.
Content in this publication is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information about the issues
discussed, consult a Grant Thornton LLP client service partner or another qualified professional.
“Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and its member firms are not a
worldwide partnership. All member firms are individual legal entities separate from GTIL. Services are delivered by the member firms. GTIL does not
provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or
omissions. Please visit grantthornton.com for details.
© 2015 Grant Thornton LLP  |  All rights reserved  |  U.S. member firm of Grant Thornton International Ltd
Connect with us
	grantthornton.com
	@grantthorntonus
	linkd.in/grantthorntonus

Weitere ähnliche Inhalte

Andere mochten auch

After the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processAfter the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processGrant Thornton LLP
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthGrant Thornton LLP
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustGrant Thornton LLP
 
Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeGrant Thornton LLP
 
Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Grant Thornton LLP
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Grant Thornton LLP
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingGrant Thornton LLP
 
3 success factors for transformational change
3 success factors for transformational change3 success factors for transformational change
3 success factors for transformational changeGrant Thornton LLP
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public healthGrant Thornton LLP
 
Data Security: A field guide for franchisors
Data Security: A field guide for franchisorsData Security: A field guide for franchisors
Data Security: A field guide for franchisorsGrant Thornton LLP
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesGrant Thornton LLP
 
12 ways to enhance financial performance
12 ways to enhance financial performance12 ways to enhance financial performance
12 ways to enhance financial performanceGrant Thornton LLP
 
FASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelFASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelGrant Thornton LLP
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionGrant Thornton LLP
 
Financial executive compensation survey 2015
Financial executive compensation survey 2015Financial executive compensation survey 2015
Financial executive compensation survey 2015Grant Thornton LLP
 

Andere mochten auch (16)

After the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax processAfter the acquisition: 5 steps to manage the tax process
After the acquisition: 5 steps to manage the tax process
 
CAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growthCAEs speak out: Cybersecurity seen as key threat to growth
CAEs speak out: Cybersecurity seen as key threat to growth
 
For digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a mustFor digital media companies, effective cybersecurity programs a must
For digital media companies, effective cybersecurity programs a must
 
Strategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business incomeStrategic ways to pursue unrelated business income
Strategic ways to pursue unrelated business income
 
Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment Corporate counsel & the burden of the regulatory environment
Corporate counsel & the burden of the regulatory environment
 
Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack Case Study: How to cope with a spearfishing cyber attack
Case Study: How to cope with a spearfishing cyber attack
 
Benchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturingBenchmarking data: Innovation and growth in U.S. manufacturing
Benchmarking data: Innovation and growth in U.S. manufacturing
 
3 success factors for transformational change
3 success factors for transformational change3 success factors for transformational change
3 success factors for transformational change
 
Lessons in collaborating for public health
Lessons in collaborating for public healthLessons in collaborating for public health
Lessons in collaborating for public health
 
Data Security: A field guide for franchisors
Data Security: A field guide for franchisorsData Security: A field guide for franchisors
Data Security: A field guide for franchisors
 
Evaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomesEvaluating an M&A strategy to expand impact and enhance outcomes
Evaluating an M&A strategy to expand impact and enhance outcomes
 
12 ways to enhance financial performance
12 ways to enhance financial performance12 ways to enhance financial performance
12 ways to enhance financial performance
 
FASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting modelFASB changes to the nonprofit financial reporting model
FASB changes to the nonprofit financial reporting model
 
Enhancing the strategic value of the finance function
Enhancing the strategic value of the finance functionEnhancing the strategic value of the finance function
Enhancing the strategic value of the finance function
 
SALT energy savings
SALT energy savingsSALT energy savings
SALT energy savings
 
Financial executive compensation survey 2015
Financial executive compensation survey 2015Financial executive compensation survey 2015
Financial executive compensation survey 2015
 

Mehr von Grant Thornton LLP

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019Grant Thornton LLP
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019Grant Thornton LLP
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017Grant Thornton LLP
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Grant Thornton LLP
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017Grant Thornton LLP
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Grant Thornton LLP
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonGrant Thornton LLP
 
10 social media tips for nonprofits to further engagement
10  social media tips for nonprofits to further engagement10  social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagementGrant Thornton LLP
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series:  Trends to watch for 2020The Future of Growth and Industries Webcast Series:  Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020Grant Thornton LLP
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonGrant Thornton LLP
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookGrant Thornton LLP
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry Grant Thornton LLP
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementGrant Thornton LLP
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration Grant Thornton LLP
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsGrant Thornton LLP
 

Mehr von Grant Thornton LLP (20)

GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019GT Events and Programs Guide February/March 2019
GT Events and Programs Guide February/March 2019
 
GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019GT Events and Programs Guide December/January 2019
GT Events and Programs Guide December/January 2019
 
GT Events and Programs Guide
GT Events and Programs GuideGT Events and Programs Guide
GT Events and Programs Guide
 
GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017GT Events & Program Guide: ForwardThinking October/November 2017
GT Events & Program Guide: ForwardThinking October/November 2017
 
Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020Real Estate Industry Success: Build, Transform and Protect Value into 2020
Real Estate Industry Success: Build, Transform and Protect Value into 2020
 
Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020Asset Management Industry Success: Build, Transform and Protect Value into 2020
Asset Management Industry Success: Build, Transform and Protect Value into 2020
 
Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020Technology Industry Success: Build, Transform and Protect Value into 2020
Technology Industry Success: Build, Transform and Protect Value into 2020
 
Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020Banking Industry Success: Build, Transform and Protect Value into 2020
Banking Industry Success: Build, Transform and Protect Value into 2020
 
GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017GT Events & Program Guide: ForwardThinking August/September 2017
GT Events & Program Guide: ForwardThinking August/September 2017
 
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
Why prepare now? 5 things that smart businesses are doing TODAY to prepare fo...
 
ForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant ThorntonForwardThinking June/July 2017 Grant Thornton
ForwardThinking June/July 2017 Grant Thornton
 
10 social media tips for nonprofits to further engagement
10  social media tips for nonprofits to further engagement10  social media tips for nonprofits to further engagement
10 social media tips for nonprofits to further engagement
 
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
The Future of Growth and Industries Webcast Series:  Trends to watch for 2020The Future of Growth and Industries Webcast Series:  Trends to watch for 2020
The Future of Growth and Industries Webcast Series: Trends to watch for 2020
 
ForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant ThorntonForwardThinking April/May 2017 Grant Thornton
ForwardThinking April/May 2017 Grant Thornton
 
The Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 OutlookThe Future of Industry: Sector Convergence & 2017 Outlook
The Future of Industry: Sector Convergence & 2017 Outlook
 
ForwardThinking Q1 2017
ForwardThinking Q1 2017ForwardThinking Q1 2017
ForwardThinking Q1 2017
 
DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry DOL fiduciary rule: How it affects the insurance industry
DOL fiduciary rule: How it affects the insurance industry
 
Tightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset managementTightening pressure transforms the landscape: The state of asset management
Tightening pressure transforms the landscape: The state of asset management
 
Challenges facing a new administration
Challenges facing a new administration Challenges facing a new administration
Challenges facing a new administration
 
Impact of voter turnout in U.S. elections
Impact of voter turnout in U.S. electionsImpact of voter turnout in U.S. elections
Impact of voter turnout in U.S. elections
 

Kürzlich hochgeladen

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxMario
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxAndrieCagasanAkio
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxNIMMANAGANTI RAMAKRISHNA
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxmibuzondetrabajo
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 

Kürzlich hochgeladen (11)

Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119IP addressing and IPv6, presented by Paul Wilson at IETF 119
IP addressing and IPv6, presented by Paul Wilson at IETF 119
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
Company Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptxCompany Snapshot Theme for Business by Slidesgo.pptx
Company Snapshot Theme for Business by Slidesgo.pptx
 
TRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptxTRENDS Enabling and inhibiting dimensions.pptx
TRENDS Enabling and inhibiting dimensions.pptx
 
ETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptxETHICAL HACKING dddddddddddddddfnandni.pptx
ETHICAL HACKING dddddddddddddddfnandni.pptx
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
Unidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptxUnidad 4 – Redes de ordenadores (en inglés).pptx
Unidad 4 – Redes de ordenadores (en inglés).pptx
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 

4 ways to prepare for a cyberattack

  • 1. CorporateGovernor Unprepared organizations pay more for cyberattacks Providing vision and advice for management, boards of directors and audit committees Winter 2015 4 ways to prepare for a breach Lay the foundation for your cybersecurity defense with these four steps: 1. Data mapping and classification. Before you come up with a plan to protect your data, you need to know what you are protecting. That’s where data mapping comes in. It’s the digital equivalent of going through your home and inventorying your valuables for insurance purposes. Data mapping can help you answer important questions like: “What are the crown jewels of our business?” “Is IP important?” “Are we an information-gathering or data-hosting firm?” You need to know what your assets are — as well as their value — in order to protect them. Skip Westfall, Managing Director, Forensic and Valuation Services For those of you with your head in the sand, trying to avoid thinking about cybersecurity, it will cost you — literally. In 2013, 43% of organizations experienced a data breach, each costing an average of $5.9 million or $145 per record of information.1 Of those breached companies, 62% lacked an incident management plan; those with a plan in place reduced the cost per record by $12.77. You can’t afford to sit around and hope a cyberattack won’t happen. The best thing you can do is be proactive. Come up with a plan and ask yourself: What can we do to prepare our company? 1 Ponemon Institute. 2014 Cost of Data Breach Study, May 5, 2014. See ibm.com/services/costofbreach for details.
2. Conduct a vendor assessment. You need to account for data held by business partners, vendors and other third parties — not just the data stored within your organization. Are they protecting data with the same fervor you are? To find out, it’s critical to conduct an assessment of your partners’ cybersecurity measures and assess your vendors’ management processes. You’ll need to determine how these organizations will protect your data, either through contractual agreements, assessments or audits. Depending on the size of your organization, your vendor management group may be able to handle this, or it might require a combined effort, with your accounting group and IT security staff working together to look at vendors.

3. Create a risk profile. There’s no way to know exactly how vulnerable your systems are without having someone try to hack them. Hire an outside firm to conduct a vulnerability assessment and penetration test (i.e., ethical hacking). Form a risk profile based on its report and identify the biggest weaknesses in your systems. The information will help you decide where to allocate your resources and what areas to prioritize.

4. Create an incident response (IR) team and develop a plan of action. While cybersecurity may seem like a specialized issue, it has a much broader impact than your run-of-the-mill IT matter. As such, you’ll want to have a defined IR team at your disposal to help tackle any potential breaches. Some organizations appoint a chief information security officer to oversee cybersecurity efforts and report to the internal audit leader or CFO. The creation of such a position can decrease the cost per record of information by $6.59.² The rest of the team should include representatives from all data custodians, such as HR, marketing, accounting and R&D, as well as the security officer and IT director.

In some cases, you’ll also want to include any vendors or partners that have access to your data, as well as members of your PR team, a federal law enforcement official, and a specialized consultant who can help you in case of a breach. With your team activated, you can create an IR plan to outline your responses to various scenarios, establish a base of operations and name a single point of contact.

Your risk profile and IR plan should be living documents. Ideally, you should conduct a vulnerability assessment and penetration test every six months, updating the risk profile and informing the IR team of the results so they are aware of the evolving strategy. If you do things right and have a team and plan in place, you can counter a cybersecurity issue and restore faith in your brand in less than a day.

Even after these steps have been taken, your work is not done. Your organization must maintain constant vigilance and be proactive. The IR team should meet with stakeholders and update its risk profile regularly — at least once a quarter — and as the organization evolves, so should its risk profile.

² Ibid.
What to do if you experience a breach

Planning and risk mitigation are important, but they cannot guarantee protection from an attack. If you experience a breach, the first thing to do is notify outside counsel, who will direct your team as they start executing your IR plan. Bring all the stakeholders to the table and keep any relevant parties apprised of your team’s findings.

Your IT services adviser should act quickly to assess and report on the extent of the breach, ideally within 12–18 hours. Your adviser will then perform data analytics on server logs, routers and network operations devices to understand anomalies and determine where the breach originated. They will address whether the breach was internal or external, or possibly even employee-assisted. Perhaps your systems were never actually breached, but hackers were able to get in through a third-party channel. The adviser will collect email from servers, as well as review unstructured data to determine whether your organization did what it could to prevent the breach.

Finally, upon completing the investigation, the adviser should work with your IR team to preserve your data for remediation purposes, patch holes or remove malware, and get your organization back online to avoid operation delays.

After the initial crisis, your adviser will work with the in-house IT team to replace any corrupt systems and implement projects to address security weaknesses. You may need litigation support, project management and PR services. Long term, you’ll likely work with IT analysts, industry experts and other specialists to assess processes and make any necessary changes to the IR plan.

Plan now, thank yourself later

Ignoring cybersecurity issues will cost you. Ask yourself what you can do to bolster your internal defenses, and then take steps to establish an IR plan. The immediate benefit will be the peace of mind you’ll get from your actions. Should you experience a breach, the money and brand reputation you will save will be invaluable. So don’t be sorry, be prepared.

Contacts

Skip Westfall
Managing Director
Forensic and Valuation Services
T +1 832 476 5000
E skip.westfall@us.gt.com

Brad Preber
National Managing Partner
Forensic and Valuation Services
T +1 602 474 3440
E brad.preber@us.gt.com

Editor
Evangeline Umali Hannum
E evangeline.umalihannum@us.gt.com
About the newsletter

CorporateGovernor is published by Grant Thornton LLP. The people in the independent firms of Grant Thornton International Ltd provide personalized attention and the highest-quality service to public and private clients in more than 100 countries. Grant Thornton LLP is the U.S. member firm of Grant Thornton International Ltd, one of the world’s leading organizations of independent audit, tax and advisory firms. Grant Thornton International Ltd and its member firms are not a worldwide partnership, as each member firm is a separate and distinct legal entity.

Content in this publication is not intended to answer specific questions or suggest suitability of action in a particular case. For additional information about the issues discussed, consult a Grant Thornton LLP client service partner or another qualified professional.

“Grant Thornton” refers to Grant Thornton LLP, the U.S. member firm of Grant Thornton International Ltd (GTIL). GTIL and its member firms are not a worldwide partnership. All member firms are individual legal entities separate from GTIL. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions. Please visit grantthornton.com for details.

© 2015 Grant Thornton LLP | All rights reserved | U.S. member firm of Grant Thornton International Ltd

Connect with us: grantthornton.com, @grantthorntonus, linkd.in/grantthorntonus