Article

Cyber Risk Management Lessons Companies Need to Learn Right Now

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,106 viewsSign in to rate
Don’t want your company to be the next Yahoo, Equifax, Deloitte, or SEC? Don’t ignore cyber risk management. October is National Cyber Security Awareness Month in the U.S., which is quite fitting right now, being as barely a day is going by without yet another disclosure of a massive hack, and Americans are far more afraid of their identities being stolen than they are of ghosts and vampires. Equifax, Deloitte, and the SEC have all made headlines for all the wrong reasons, and now, like a bad meal, last year’s Yahoo breach has come back up; as it turns out, the company now believes that all three billion user accounts were compromised instead of “only” one billion. No wonder, during a keynote session at the recent (ISC)2 Congress in Austin, Texas, the FBI implored enterprises to adopt proactive cyber risk management processes grounded in logical assessments, not “emotion and fear.” That’s sound advice. Poor cyber risk management was behind each and every one of these breaches. Here are five lessons companies can take away from them. Cyber Risk Management Lesson #1: Don’t Ignore Risks and Red Flags The Yahoo breach did not happen in a vacuum; it happened after years of the company putting the “user experience” ahead of product security, even after being warned by its then-CISO of the perils of doing so. The SEC was likewise warned – by the Department of Homeland Security, no less – of “critical weaknesses” in its systems. Even worse, in an echo of the Yahoo debacle, an internal memo penned by the SEC’s internal Digital Forensics and Investigations Unit claims that the team was “woefully underfunded, undertrained, and forced to work with repurposed equipment and hard drives that had been designated by other branches of the SEC for disposal.” Cyber Risk Management Lesson #2: Don’t Transmit Sensitive Information Through Unsecured Email One would think that after what happened to Sony Pictures and the Democratic National Committee, everyone would have learned that it’s a really, really bad idea to send sensitive data through unsecured email accounts, but they’d be thinking wrong. The Deloitte breach is yet another hack of an unsecured email system where clients’ personal information was being bandied about, and during its initial disclosure, the SEC admitted that its employees were using private email accounts to “transfer confidential information.” This leads to our next lesson… Cyber Risk Management Lesson #3: Your Biggest Vulnerability Is Your Own People Equifax is now claiming that its breach was due to an error on the part of a lone employee who failed keep its installation of Apache Struts updated with the most current security fixes. This illustrates, once again, that any company’s biggest security vulnerability is its own people. All employees who use computers, from the C-suite down to the receptionist, need to be trained on cyber security best practices. Additionally, redundancy needs to be baked into the cyber risk management plan so that no single employee has the capability of doing this much damage. Why was this employee’s mistake not immediately discovered and corrected? Cyber Risk Management Lesson #4: Technical Controls Are Important, Too While your biggest vulnerability is your people, that doesn’t mean you should ignore technical controls. The Deloitte hackers got into the email system by breaching an admin account that was not protected by multifactor authentication; Equifax was running an unpatched version of Apache Struts; and Yahoo and the SEC both ignored warnings of various technical vulnerabilities. Cyber Risk Management Lesson #5: You Must Secure Your Entire Cyber Ecosystem Data environments are more complex than ever before, which means that cyber criminals have multiple ways in which to attack enterprise systems. Among other tactics, they can exploit a software vulnerability, hack into an unprotected email server or cloud storage system, make use of phishing emails or other social engineering techniques, enlist the help of a malicious insider, or even attack a third-party vendor who handles sensitive information on behalf of a larger company. Your company’s cyber risk management plan must address your entire cyber ecosystem, not just parts of it.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026