Michael Penders, general counsel and chief compliance officer for the Command Group Companies, spoke about the future of cybersecurity at NJBIA’s Internet of Things event on June 15, 2018 in Newark.
Protecting your data from cybercrime is a lot more effective if you know where your weak spots are, but risk assessment in the fast-paced digital world is difficult. Not only do the risks keep changing, they are exploding.
Why? The internet of things (IoT), those devices, vehicles, home appliances and other items embedded with software that allows them to exchange data with computer systems.
“As we increase the number of devices online, our exposure increases exponentially,” Michael Penders told a crowd of 100 at NJBIA’s Internet of Things program Friday. “Every device that is connected to the internet presents a risk.”
Penders would know. He is general counsel and chief information security officer for Command Group Companies and conducts security audits of international law firms, health insurers, media companies and Fortune Fifty corporations. In other words, assessing cybersecurity risk is job.
More and more devices are being connected to the internet. In 2012, he said, 8.7 billion devices were online. This year, that number is approaching 40 billion, and in 2020, it will top 50 billion. And in theory anyway, every one of those devices offers a way into the computer system it is connected to.
Fortunately, the same technology that’s been used against businesses can also be used to enhance their security. Any organization can scan a website and detect every IoT device connected to it in 30 minutes. Penders suggests this is a good place for a business to start its assessment.
“Anybody else can do this too, so you might as well do that yourself to see where you stand,” Penders said. “Do you have an inventory of every IoT device that’s connected to your network? Unless you have it, you can’t possibly manage your risks.”
Cybersecurity is also becoming a requirement to do business, particularly in the healthcare sector, where laws like HIPPA, the NJ Data Protection Act, the New York State cybersecurity law and the new European rules.
