SoCal InfoSec Group
Cybersecurity breach incident response


News & Articles

The case for hiring an expert

Would you represent yourself or your company in court? Do you file your business or personal taxes yourself? If you answered yes to these questions, then congratulations, you may be in jail or owe the IRS money! Society is a complicated system that requires its citizens, whether individuals or collectives, to play our part to keep the system running smoothly. We pay taxes for the collective good of our society, and we have laws to maintain order and express our values. The methods we use for this are complex. There is an untold number of laws and regulations (municipal, state and federal) that we must follow or face the consequences of fine or incarceration, which will depend on the severity and nature of the infraction. No-one sane wants to part with their hard earned money or liberty so we seek guidance from others that know the law and can represent our best interest.

The American society we live in today is vastly different than it was just 20 years ago. Everyone has a digital footprint that keeps growing every day with each “share” and “like” they click. This information is used to build a profile about you so that companies can target their ads to a more receptive audience. This practice is amoral and can be used for both benign and malicious intents. On the one hand, it’s great that I see ads for products or services I care about and may use, but on the other hand, it’s quite creepy how well Google or Facebook and others know us. Tell me if this sounds familiar, you’re scrolling on Facebook, you see a sponsored ad for a product that you didn’t search for, but you had spoken about with someone recently while your phone was within earshot. This practice is targeted advertising. You allow the app to have access to the microphone and when it hears a keyword or phrase spoken, an algorithm identifies a product and then serves an ad to you in a sponsored post.

You may be thinking: This is interesting, but what is the relevance? If you don’t know how technology works or the novel ways in which it is being employed then you do not realize the full potential of its use or misuse. We all use experts in a variety of ways; you take your broken car to the mechanic, you don’t want your tire to fall off while driving. We use professionals because the systems of their expertise are beyond the layman. The same is true for cybersecurity.

According to Palo Alto networks, “Cybersecurity refers to a set of techniques used to protect the integrity of networks, programs, and data from attack, damage or unauthorized access.” Cybersecurity has never been more relevant than it is today with our evermore connected society. If you own a business today, then you have cyber responsibilities: responsibilities to your clients/customers, your employees, the state and society. It is expected, now required by legislation if you are in California, to protect the privacy of the information you collect and maintain. It is in the best interest of your company to keep sensitive data safe. Maybe it is intellectual property that would give your competitor the upper hand. Perhaps it is customer private health information from an internet connected device that you created for medical application.

The point is, we all have information that needs to stay secure. If you don’t have an understanding of necessary security precautions, then you are creating an existential risk to your company and its reputation. When, not if, your network is breached you can either be prepared with an incident response plan or not. You can mitigate the damage by segmenting your internal network and implementing security controls or not. You can return to normal operations with a backup/disaster recovery plan or go out of business. These are all cases that warrant the use of an expert to help you achieve the desired end state of protect, detect, respond and recover. The return on investment can hardly be understated. Just ask the CEOs of Target, Equifax or Marriott. It is all about how much risk you are willing to accept. I guess that begs the question: What is my risk? Moreover, that is what an expert can help you figure out.

NewsDana MarguliesComment