The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary....

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime, a seasoned corporate executive who built and operated information security teams, and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsel on how to legally protect their company from cyber-related risk.

Blog Entries


 

Are You Being Strategic With Your Cyber Security Budget?

See Article Here

The attached article shows some interesting statistics about budgets for cyber security. Evidently budgets increased by 141% between 2010 and 2018. The more intriguing statistic to me is that 70% of breaches are caused by people and process failures. That makes me wonder how much of the cyber security budget is aimed at reducing people and process failures. From my experience, the cyber security budget asks are for technological solutions more than for improvements to security awareness training. Did you know the FBI estimates that BEC schemes cost organizations 1.3 billion in 2018? As you know, that particular scheme is aimed directly at a process: the ability and capability of an individual to send payments. In addition, there seems to be an uptick in misconfigurations of cloud infrastructure; that is a training issue.

As budgets for cyber security continue to rise and be approved, it is the responsibility of the Board of Directors and the executive team to determine exactly what people and/or process failures are being addressed within the budgetary ask, given that those are the biggest threats. Security and IT executives should be able to articulate where the money is going, based on the threat profile of the organization or its initiatives. Not just buzz words like AI, machine learning, security orchestration, etc., but how the implementation of a specific initiative advances our cyber security and privacy responsibilities for the next five years. If the answer to the question is a blank stare, that’s a possible clue into the efficiencies or inefficiencies of your cyber security program.