Excerpt from Michael Levin on Medium.com
David X Martin has worked for and consulted to some of the biggest banks and healthcare systems in the world. And when he looks at what most companies are doing to protect their information, he just shakes his head.
“It makes me crazy,” he says. “Ticketron got hacked. It was massive. Countless credit cards and other private information stolen. And then what happens a month later? British Airways gets hacked exactly the same way.
“If the people at British Airways had just paid attention to what had happened at Ticketron, they wouldn’t have suffered the same fate. But they didn’t learn from others’ experience, and that’s just typical.”
Martin says that most big firms are reactive instead of proactive when it comes to cyber risk management.
“You’re proactive with your health, right?” he asks. “You get checkups and tests every so often. You want to prevent illnesses, not just treat them when they show up. It’s the same concept. Businesses can’t be passive, sitting around, and hoping nothing bad happens. That’s what American intelligence agencies were doing before 9/11, and we all saw how that worked out. Organizations need to prevent attacks, not just respond after the fact.”
In his work consulting to boards and serving as an expert witness in major cyber risk management cases, Martin preaches the gospel of cyber wellness. “Your own personal wellness is much more than just the absence of disease — it’s bigger, more holistic than that — it’s a lifestyle. Personal wellness is about maximizing your fullest potential as a human being. Likewise, cyber wellness is about maximizing your company’s fullest potential. Cyber wellness is a business strategy that needs to be the priority of boards and executive leadership. Soon, boards will be required to have a Director who has cybersecurity expertise.”
What prevents organizations from being proactive about cyber wellness? Their own operating structure, for one thing.