By Rich Selvidge, CISSP, Solutions Architect at Redhawk Network Security
One thing is hard to argue with in today’s complex cyber world: cyber incidents are part of doing business. Chances are, your organization’s data will be—or already has been—breached. With an employee clicking on malware every 81 seconds in the U.S., according to a study by Check Point, it’s no surprise that cyber incidents that expose sensitive data are spreading like wildfire. Most organizations focus on mitigation: you remove viruses, launch employee “don’t click” training programs, and try to secure your network from hackers. But what is your organization doing to be ready when the inevitable happens?
Are you prepared to successfully respond to incidents, whether they stem from malware, denial-of-service (DoS) attacks, stolen passwords, or lost laptops? It’s one thing to have security efforts in place to protect your data, but it’s another to have incident response planning in place. Incident response is one of the 14 requirements outlined in the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171—Protecting Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations, and enforced by the U.S. Department of Defense (DoD). If your organization contracts for the government, you must implement all 14 of these security requirements and controls by December 31, 2017. Simply put, if you do not comply, you risk losing your contracts, costing your organization millions of dollars in lost revenue.