I came across this article and felt that it was a very unique, comprehensive “handbook” on how to secure an organization, based on the lessons learned from the never-ending Yahoo breach and from Target’s. It showed how much money it cost Yahoo (i.e., Verizon cutting the deal by $350M), and then provided a general outline for how companies should tackle the ever-changing, incredibly difficult task of securing their organization.
From steps as simple as determining your greatest digital assets, to something as complex as designing a PR cyber incident fire drill, it is a pretty decent snapshot of concepts to consider. I particularly enjoyed how they called out the importance of not just spending money on cyber security, but actually practicing it. Analyzing the enemy, deploying countermeasures to alert your team of a breach, and encouraging innovation in terms of making it difficult for outsiders to access your organization’s critical information were all suggested by the author.
“Today, instead of writing a bigger check to build a bigger fortress, design an adversarial-based approach to protecting your organization. Find them before they find you.”