Special Advertising Section
“How AI is going to be used by these bad guys is going to be the next technical issue that companies need to deal with.” Tom Skoog, Blue & Co. Recovery: How do we get back up and running and sort of something that resembles normalcy? Mike mentioned one of those communications probably is immediately going to be to your cybersecurity carrier. Those cyber carriers are going to tell you the next two phone calls you’re going to make are to this law firm, because everything that you’re going to do is going to be under attorney-client privilege. And secondly, it’s going to be to this forensic firm to figure out what happened, figure out what the extent of the damages have been or the consequences have been, and then how to move forward. And at a minimum, annually you should come up with some scenarios of, OK, let’s talk through what we would do if we had a laptop stolen. IT person, what’s your responsibil-
ity? CEO, what’s your responsibility? Who’s making the first call? Who’s making the second call? Because without doing that, the chances that you’re going to actually execute the plan accordingly are going to drop pretty precipitously.
Moran: One of the things that we
went ahead and did is we put together, for what it’s worth, a little white paper that you can get on our website that’s kind of a framework for developing your incident response plan, and that’s been pretty well received.
Skoog: I think one other thing that
companies ought to be doing is really keeping an eye on regulatory changes inside of their industry. They’re happening consistently, and the industry that’s struggling with it
right now is the construction industry, particularly if they’re doing work with the Department of Defense. Because the DOD has come out with some extremely demanding security protections that are in place if you’re part of the DOD supply chain, and they are going to be having third parties come in and assess, eventually, your compliance with these requirements. And if you’re not compliant, you’re not able to bid on new contracts.
CEO: What’s coming next? Skoog: For the last few years the type
of attacks that companies had to worry about haven’t changed that much. It’s getting phishing emails and having those phishing emails deliver malware or ransomware. And now, the sophistication of those emails maybe has changed, and the sophistication of the ransomware and the malware has changed, but at the end of the day those are still the top risks that organizations need to worry about. But I think just as they start getting to a point where they figured out how to manage those risks to an acceptable
CD-0006272759-01
46 ColumbusCEO l March 2021
043-047_CyberSecurity_RoundtableMarch21.indd 46
2/18/21 10:14 AM