Ray Kelly, Vice Chair, K2 Intelligence; Gittings Photography.

This article originally appeared on our ALM sister site Legaltech News.

To Ray Kelly, current vice chair of K2 Intelligence and the longest-serving police commissioner of the New York Police Department, there are four main catastrophic events that can befall a company: terrorism, conventional crime, natural disasters, and political instability. And while some of these are more applicable than others in different industries and in different areas of the world, they all have one common thread.

“Virtually every one of these areas involves cyber,” Kelly said. “Cyber is interwoven into everything that we do, so if you’re hit by a terrorist attack or natural disaster, cyber is going to play a role in some way, shape or form.”

Combatting growing cyber risks, Kelly explained, takes a team and a plan. To help with the first stage of the plan—awareness—Kelly will conduct a keynote speech at ALM CyberSecure titled “Security in Today’s Hyper Connected Society” on September 27 in New York. The main takeaway from the speech, Kelly recently told Legaltech News, will be that “cyber has to be everyone’s concern and everyone’s problem.”

Specifically, he noted that the entire management team, ranging from a company’s CIO to its CEO, needs to be involved with a business continuity plan. This business continuity plan is a schematic of how a company can get back in operation if it falls victim to a catastrophic event, and as a necessity, it needs to include cybersecurity.

“[Cyber] is this mystery area, and it doesn’t seem to have a day-to-day impact in making money, of the core business of the company, so it’s relegated to someone down in the management chain,” Kelly said. “That to me is a mistake.”

It’s particularly important for the CIO to be involved in any business continuity plan, he noted, because that person would best know what technological resources are needed after a breach.

The CEO, meanwhile, is tasked with making sure cybersecurity is a priority. As Kelly has seen from working with many companies, “If it doesn’t come from the top, chances are it’s not going to be adopted or certainly not going to be interwoven.

And receiving buy-in quickly is imperative in this changing cyber landscape. Not only has each individual threat evolved and become harder to identify in a system, but as the business world has become more globalized, threats can come from anywhere. This means that local law enforcement increasingly needs to work with federal and international agents on cases; it also means that identifying hackers’ profiles is increasingly tough to do.

“At the police department, we had 100,000 intrusion attempts per day. There are some companies that have millions a day, all generated by computers,” Kelly explained. “It is a threat that, even looking back 10 years, is so much greater with so much sophistication.”

These attacks are taking many different forms. Through his work with K2 Intelligence, Kelly pinpointed a number of different threats that he says are increasing in regularity, including ransomware, spear phishing, and “man in the middle” attacks that intercept communications. He also noted that the Internet of Things and mobile devices are particularly tantalizing targets for hackers.

What is evident, though, is that cybersecurity is necessary for all organizations, and that fact isn’t going to change any time soon. That’s why education is of the utmost importance, both for decision-makers and those they work with.

“Probably about 80% of the intrusions we see are the result of employee carelessness, or at least not adhering to the regiment that companies have put in place,” Kelly said. “Everybody is fighting fires every day. The cyber threat is insidious—it can be going on, and you have no idea. That’s why detection is so important.”

See SEC Proposes New Rule to Require Business Continuity Plans

Is your current strategy comprehensive enough?  ALM’s cyberSecure: The Event for Business Continuity and Growth, Sept. 27-28, 2016 in NYC, provides the insights and connections necessary to build and deploy a successful cybersecurity plan that comprehensively addresses detection, defense and response.  Click here for more information. Use Promo Code WCYBERAL & save 20%.