CalPortland CIO Luis Angulo and Keith Onchuck, CIO of Ozinga, will manifest at NRMCA’s ConcreteWorks on October 12 at 3: 30 p. m. in Aurora, Colorado. Their treatment,” Guarding the Digital Realm: Confronting Cyber Challenges in the Concrete Industry”, may provide practical techniques and best practices for protecting your company from digital attacks, ensuring the security of your online infrastructure. ConcreteWorks is scheduled for Oct. 10-14.
Security starts with elimination, which funnels to safety and eventually ends with preparation. When you’ve reached the planning stage, it generally means a files violation has occurred.
” However, this is becoming much more prevalent in the modern world in which we live”, says Ozinga CIO Keith Onchuck. If our online information is accessible for any cause, are we all “ready” to do it? Preparation is important”.
The planning stage is usually regarded as the most tedious period in terms of technology because you have to appear outside the IT department. You must collaborate with another organizational agencies to develop a set of procedures and policies.
” As IT frontrunners, it’s our responsibility to prevent, shield, and make our organizations from all the dangers that exist in our modern globe”, says Onchuck. If we fall victim to cybercrime, we may have a plan that specifies the steps we must take.
A thorough Incident Response Plan that lists the steps that a business must take in the event of a security breach is one way to help a business prepare.
In all phases of security, a company must generate a long-term expense and be prepared to react over period. Training sessions for people and system users are conducted regularly to prevent problems. To safeguard against the constantly evolving security environment, the tools used during the safety stage must be constantly evaluated. The same can be said about the stage of preparation. Companies ‘ procedures may not become outdated during the planning stage. They may be updated because technology is constantly evolving and evolving.
You must plan for the worst and keep those plans updated constantly, says CalPortland CIO Luis Angulo, despite the fact that we constantly hope for the best and hope that we wo n’t ever have to reach this stage.
An Incident Response Plan usually involves three components: inside procedures, outside procedures, and coverage.
Internal &, External Procedures
” While preparation does n’t guarantee that you’re not going to be impacted, it gives you a greater chance of survival and recovery”.
—Ozinga CIO Keith Onchuck>
Leaning on internal and external expertise outside of the IT department is a crucial component of the preparation process. To ensure business continuity, internal and external procedures must be identified. Without this level of coordination, a single incident can bring business to a halt.
” It all comes down to being prepared to handle an event if it ever gets to that level of criticality”, says Onchuck.
When there is a security breach, companies must lean on all internal departments, including human resources, payroll, marketing, sales, legal, etc.
Companies should also create external procedures for tasks that fall outside the purview of the IT department. For instance, a strategy for how the business will respond to a security breach should be put together with your marketing and communications department. This could involve issuing a public statement and communicating with employees, customers, vendors, etc.
In order for employees to be clear about what they can and cannot say in the event of a breach, they must have a communication plan. The marketing and communications team must be responsible for the funneling of the plan.
” While preparation does n’t guarantee that you’re not going to be impacted, it gives you a greater chance of survival and recovery”, says Onchuck.
A secure backup of your data should be another tool in your arsenal. ” When cybercriminals get in your network, they try to find your backups and hold them hostage as well”, says Onchuck. Immutable backups are copies of databases that cannot be altered, which makes them much more difficult for bad actors to corrupt or encrypt.
In the event of a breach, technical experts also advise using a cybersecurity firm on retainer. Make sure all agreements have been agreed upon and signed. This will make it easier to recruit them into the organization to assist with their detection, eradication, and recovery from a cyberattack.
Insurance
“Cybersecurity insurance is not a ‘ nice-to-have,’ it’s a must”, Angulo says. ” It’s not an option anymore”.
—Luis Angulo, CalPortland CIO
Think of your company’s cybersecurity as a home security system. We lock our home with locks, lock the house with an alarm system or a guard dog, and we have insurance policy to protect against a break-in or other catastrophic event. Similar things can be said about attempting to safeguard our corporate data.
“Cybersecurity insurance is not a ‘ nice-to-have,’ it’s a must”, says Angulo. ” It’s not an option anymore”.
Cyber insurance will help you deal with an incident’s impact, even though it wo n’t prevent one. When someone attempts to hack into your system, you also need to know how and when to contact that cyber insurance.
” Time will be of the essence”, says Angulo. You do n’t want to try to figure out how to handle the insurance after a breach occurs.
The Framework
Each company must develop its own plan that involves the three Ps we have discussed: prevention, protection, and preparation. The framework can be straightforward and expand to meet the needs of the business. This may be different for each producer, but the basic approach still applies.
” When tools are used correctly, they represent a significant leap forward in our ability to do business”, says Angulo. If you do n’t do your due diligence, these tools may also be a liability.
As businesses use more cutting-edge technology, such as artificial intelligence, the stakes increase.
The IT Task Force of the National Ready Mixed Concrete Association, which Angulo and Onchuck co-chair, aims to develop a cybersecurity framework that all businesses in our sector can adhere to. ” We’ve recognized that we’re an ecosystem”, Angulo says. ” We all do business together and, in that moment, we are linked”.
” The more we can share best practices as an industry about how we are tackling cybersecurity, and the more our vendor partners, like BCMI, Command, and Sysdyne, can share what they do from a security standpoint, the better off we will all be”, says Onchuck. ” We’re stronger together”.
