Having looked at some high-profile examples of cybercrime in our first blog of the series, it’s apparent that no organisation is safe from the risk of a cyber-attack. So how can businesses better protect themselves? We consider some of the tactics below:
Create a cyber strategy
A basic, but crucial element in protecting businesses from cyber-attacks is having a strategy in place. This helps businesses to consolidate their thinking, understand the real threats, and have an actionable plan in the event of an attack.
Creating a plan enables businesses to truly understand what assets they have and what needs protecting. Ethical hacking may also be a tactic deployed, to expose vulnerabilities that require attention. Once businesses understand their assets, they can make educated decisions about how to best protect them and set up suitable detection mechanisms that regularly scan for threats. Having this knowledge can make businesses better prepared to deal with a cyber crisis more effectively, including the steps needed to stop the attack taking a greater hold and infiltrating other areas of the organisation.
Finally, understanding how to recover from a cyber-attack is crucial with an incident response and recovery plan – so that business reputation and continuity of service isn’t damaged further. Scrabbling around for a solution mid cyber-attack is far from ideal. So, it is worthwhile businesses preparing a cyber strategy – from asset identification and protection, through to recovery and beyond.
Ensure board engagement and ownership
Where cyber security professionals don’t sit on the board, there needs to be a clear line of reporting to the CEO and other members. Cyber issues need to be discussed regularly to ensure protection is up-to-date and there is ownership for activity – which is especially important during the event of a cyber-attack. Deloitte found that 38% of the FTSE 100 have a clearly identified person or team responsible for cyber security, a noticeable increase in disclosed responsibility from previous years, providing an indication as to how seriously organisations are taking the issue of cyber protection.
Mitigate supply chain risk
As businesses expand, operating across new markets globally, the threat of attack from bad actors increases. In fact research by EY found that 50% of European Chief Information Security Officers (CISOs) agree that the third and fourth parties in their supply chains represent the greatest compliance risk to their business. More than one in three (35%) also said that fixing vulnerabilities in their supply chains will be a clear post-pandemic priority.
Those in cyber roles need to work even closer with leaders across the business, to ensure that supply chains are compliant with organisational expectations around security. Working across areas such as procurement, compliance, and operations, cyber professionals need to ensure that proper due diligence is conducted around security in supply chains – safeguarding customer data and continuity of service.
Educate staff
It’s estimated that 95% of security breaches are blamed on human error, making employees the weakest link in cyber security. Businesses must invest in regular training to help staff understand what an attack can look like – from phishing scams to data breaches. Just under a third (31%) of FTSE 100 businesses delivered staff training in cyber security, representing a significant weakness in protection for many businesses.
Protect from attacks
Organisations don’t want to get caught out, finding out too late that their business insurance doesn’t cover the event of cyber-attacks. With cybercrime potentially damaging so many areas of a business – from reputational damage to the cost of digital recovery – quality insurance is needed to ensure that organisations can get back on their feet quickly.
Investing in quality cloud security is also vital in protecting the business from attacks. It enables businesses to recover data in the event of loss, protect storage against theft, deter human errors that can cause leaks, and reduce the impact of a system compromise.
Bring in the experts
Knowing where to start with protecting a business from cyber-attacks can be a daunting prospect. As is navigating the compliance landscape globally, from GDPR to LGPD. Hiring cyber security consultants can help businesses understand where they are most at risk from attack, enabling them to protect the business, customers, and supply chain accordingly. By implementing best practice, consultants can leave behind a workable model for businesses to follow – helping them to remain compliant and better protected from cyber-attacks.
With businesses operating across borders in a way never seen before, and Covid-19 increasing our reliance on technology, the risk of cyber-attacks has never been greater. We know that no one is safe from attacks either – from individuals to SMEs or large organisations. Not only is it a moral imperative to protect data, safeguarding customers, but it’s a business one too – as cyber-attacks can decimate entire organisations. Taking steps to stay ahead of cyber criminals, is crucial in ensuring that businesses are future proofed from marauding threats.