The Cyber Challenge: How Prepared is Your Organization?
According to a recent article by the WEF, 9 out of 10 online shoppers are actually cyber criminals. By 2020, the estimated economic loss due to cyber crime will have reached $3 trillion. The annual survey of emerging risks has in the last four years ranked cyber security as the No. 1 most critical risk. It is time for your business to pay attention.
Recent trends indicate that cyber-attacks are becoming more frequent and complex, with massive financial impact on organizations. The 2017 Equifax data breach resulted in an estimated cost of $439 million; the Yahoo security breach cost the company $350 million.
A single incident can be catastrophic, and preparation is no longer optional.
Some of the measures an organization can take to prevent, detect, and recover from cyber-attacks include the following:
Understanding the risk
A comprehensive IT risk assessment will enable an organization to have an end-to-end picture of the cyber security threats it is exposed to.
This involves mapping IT assets in terms of types, quantity, and location; identifying critical and valuable data; and analyzing security gaps, IT controls, and system dependencies.
An IT risk assessment should be extended to cover third party providers. It is important to assess their IT security measures and control weaknesses that can have an impact on your organization.
This involves the development of a Cyber Security Preparedness Framework.
It should include policies that secure databases, regular backups, a requirement to encrypt data, and strict password policies that require complex passwords with a two-level authentication login process.
It should also include robust information security features such as the ability to remotely wipe data and the installation of security software on all devices, including up-to-date anti-virus, firewalls, anti-spam filters, and anti-spyware.
A key preparation measure is also to purchase a cyber-liability insurance policy that will financially cushion the organization if a cyber-attack happens.
Awareness & training
Employees are an easy target for cyber criminals.
An organization must develop a regular training program that aims at raising awareness of cyber security, IT risks, detecting cyber-attacks, protecting sensitive information, use of portable devices, data encryption, password management, online safety, and incident management.
The more empowered employees are, the better they will be in playing their part in protecting the organization.
Detection & testing
Detecting when an attack is happening is critical. Tools that can help detect unusual activity include honeypots and threat detection software.
Continuously testing your controls, mapping out possible routes of attack, performing penetration tests, and assessing vulnerabilities will help to identify weaknesses and strengthen the cyber security strategy.
Responding to a cyber-attack
A well-structured cyber security response should have a step-by-step plan that will enable rapid incident management.
It is important to conduct a simulated response drill before an actual attack happens.
One key area that should be handled with care is communication. Timely and accurate communication will prevent panic and reduce the likelihood of damaging rumors.
An immediate investigation into the incident must be done to understand what went wrong and how to prevent a recurrence.
How Prepared is Your Organization?
Cyber security will continue to be a key risk facing organizations. Preparation is important.
At P&P Inspekt, our team of cyber security experts works with organizations to map out their cyber security threats, review policies, test vulnerabilities, and develop effective cyber security frameworks.
Contact us today for a free discussion on how we can help secure your organization and add value to your business.