In most cases it is down right boring.
Although not sexy and down right boring it is still something that every CEO, manager, owner and board member has to focus on.
With all of the automated attack vectors available to the cyber criminals, we can no longer say we are not a target. We cannot say we have nothing worth stealing.
The more and more reliant business has on the digital world the greater the chance that a cyber event will cripple the organisation.
What are the main things that every management type needs to focus on when it comes to prevention of a cyber event.
Here are a few!
The cost of a cyber event.
The cost of a cyber even can range from lost time and functionality within the organisation to more money than the organisation can find to pay for the breach.
Cryptovirus is an example of lost time and functionality. If you do not have a functioning and tested backup of the data, you have to rebuild the offending device but you will also have to also replicate all of the data.
A full blown breach by a dedicated black hat hacker can steal everything and then use your system as a platform to target your clients, suppliers and staff. When that happens you realize that you are NOT too small to be a target
How they get into your system
The go to weapon of most cyber attacks is social engineering. Two parts of a very effective attack strategy. The technology to effect change, follow a link to an infected website, click on an ad in social media or open an attachment in an email, combined with getting you to trust them where you let them in.
Either way they are now in.
Risk and problems just compounded.
Simple ransomware for instance, the initial encryption of data is only one of the stages of the attack. What about stage 2,3 and 4.
Wannacry showed us that a combination of 2 attack vectors allowed a single infection to traverse a whole network. One computer is a problem for any organisation. All of the computers is a nightmare.
The protection challenges
In most situations managers, owners, executive and board members do not understand the digital realm. Risk management of data (a critical component in today’s business world) is often overlooked and considered an ICT problem.
Its not! Today’s digital security challenge is everyone’s issue and the sooner it gets noticed as a business risk and treated as such the faster we will see a reduction in attacks.
From the largest organisations to smallest single entities, we all keep critical data in places that are easily accessed, relatively unprotected and mobile.
What are you doing to manage the expected cyber events that could cripple your organization?
There is no single, simple fix. If there was everyone would be safe.
It is a complex issue and one needs to dedicate some time, money and expertise to understanding the issues and risk associated with a cyber event.
Come to one of my intensive workshops it will open your eyes on your business requirement to be safe as an organistion.