Source: McKinsey Cybersecurity service line
A typical cybersecurity breach has a predictable pattern of incident and response.
Once the data are breached, the security team tries to determine the best way to inform senior executives, but protocols are not clear.
What the cyber team does
Initially, the IT security team does not realize that data are being threatened.
What the cyber team sees
Inquiry is made to senior executives about temp file being created and deleted.
Slow laptops are reported to IT and chief information officer.
Help-desk ticket is sent to IT security lead.
2. Insider gives or sells employee data files to a cybercriminal
Cybercriminal uses old but valid credentials to access company servers and download employee records containing personally identifiable information (PII).
What the cyber team sees
Data loss alerts are sent to the security lead in the IT organization.
What the cyber team sees
Team focuses on the forensics of the alert but is not able to connect it to previous notifications.
3. Cybercriminal sells PII data to identity thieves on the black market
Identity thieves buy and use the employee data for fraudulent transactions.
What the cyber team sees
Based on individuals' and organizations' complaints, the FBI detects the data breach and files a report with government affairs.
What the cyber team does
IT security reactively investigates the employee data leak to determine the scope of the breach.
Team escalates event to privacy team.
4. Sensitive data published on social media
Bloggers publish video with references to the sensitive data stolen.
What the cyber team sees
An online video, found by employees, is sent to the head of communications.
What the cyber team does
The security team engages the communications group.
Beware of internal threats, as well as external ones
Staffers must be trained to recognize and speak out when they see suspicious activity. Technology aside, they are truly the first line of defense against cyberthreats.
Prioritize corporate assets for protection
The highest-value data sets should receive the highest level of security. Companies can use a risk-categorization model to understand trade-offs.
Draw a cybersecurity road map
Business and IT leaders must continually review cybersecurity initiatives, roles, responsibilities, and reporting lines so teams may be responsive.
Treat cybersecurity as a permanent capital expense
Funding cannot grow and shrink based on whether the company suffered an intrusion in the past 6 months or not.
To break from predictable patterns, companies can take four steps