Vulnerability of business lines to attack drives new conversations around
The cyber-resilience conversation is shifting into a new phase, one where the focus is now on core engines that drive a business.
“I’ve been talking to our customers now about cyber resilience and recovery from ransomware destruction for eight years,” said Jim Shook (pictured), director of cybersecurity and compliance practice at Dell Technologies Inc. “We’ve moved from having just IT and infrastructure at the table to talk about these things. Sometimes it’s the C-suite, sometimes it’s heads of business lines, but that’s been a really important development.”
Shook spoke with theCUBE industry analyst Dave Vellante during the “Navigating the Road to Cyber Resiliency” event. They discussed how the regulatory landscape could land some companies in hot water and common misconceptions about cyber protection. (* Disclosure below.)
Threat to the business
Shook’s observation about the rising influence of cyber resilience highlights a realization in the enterprise world that ransomware attacks and other forms of malicious intrusion are becoming a part of the business landscape. Just within the past month, data stolen in a ransomware attack from CommScope Holding Co. was released on the dark web, and another breach knocked essential services offline for the city of Dallas, Texas.
“Cyberattacks are a threat to the business,” Shook said. “If you’re not protecting against those threats and have the ability to be resilient to them, you’re not protecting your business. It’s more focusing on the business outcome.”
The process of navigating through a ransomware attack has become complicated, as there may be instances where a company pays the attackers and then incurs legal liability as a result. The U.S. Department of Treasury has warned that companies paying ransomware to hackers in countries under U.S. sanction could be subject to prosecution, and the Securities and Exchange Commission recently settled charges against data management software firm Blackbaud Inc. for failing to disclose the full impact of a ransomware attack.
“That’s going to require the board to take more interest and have more expertise in these areas,” Shook noted. “There are some laws that will prevent you from paying a ransom depending on who gets the money. You may make a payment and then get in trouble later even though you’ve been diligent with your process.”
Shook addressed several misconceptions that exist in the cybersecurity space. One is that companies make the mistake of believing that previous investment in disaster recovery is going to cover all the bases for returning to normal business operations.
Another is that cloud or SaaS users believe that providers will safeguard everything. While providers will include certain safeguards, the user must still maintain responsibility for taking the necessary steps to protect critical data and systems. Perhaps the biggest flaw is holding firm to a belief that some companies are simply immune from attack.
“One [misconception] is we’re not a target; we don’t need to worry about this,” Shook said. “That totally misunderstands the landscape. Everybody is a target.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the “Navigating the Road to Cyber Resiliency” event.
And you can watch the complete “Navigating the Road to Cyber Resiliency” program here:
(* Disclosure: TheCUBE is a paid media partner for the “Navigating the Road to Cyber Resiliency” event. Neither Dell Technologies Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)
Your vote of support is important to us and it helps us keep the content FREE.
One-click below supports our mission to provide free, deep and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.
“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy