What can business leaders learn from a cybersecurity breach?
July 31st, 2017
Because attacks against IT infrastructure are typically all about the money, they are increasing in frequency and sophistication. At best, a breach is embarrassing; at worst, it can destroy a business.
As with business continuity, a significant percentage of business leaders do not take cyber-security seriously until they get burnt.
It can be difficult to believe that your business is at risk, as many think attacks are mainly focused on banks and large firms. However, if hackers can exploit your business data for financial gain then you will be a target, no matter what size your business is or what sector you operate in.
Even relatively simple attacks like ransomware or data theft for blackmail can cause havoc within an underprepared organisation. The Internet is global, and someone out there will be delighted to receive £2,000 for perhaps 20 hours of work, without even leaving their room.
Learning from a cyber-security breach
A good way to demonstrate the potential damage a cyber-security breach could cause is to have an independent red hat and white hat attack or audit carried out by a third party. When you present the CEO with printouts of their emails, pictures of their family, salary information and the like, it really highlights the danger.
Another sensible way to engage the C-suite is to undertake ISO 27001 certification. A significant part of the standard is to list all the risks associated with all parts of the business. After this, you need to assign controls to mitigate the risks. You will then need to present these to the CEO or another C-level executive and explain all of the potential risks and controls. It is up to the CEO or senior executive to decide whether to invest in the controls or accept the risk.
All too often you will find the responsibility for cyber-security placed solely in the hands of the IT department. But really it must be dealt with at board level – just like any other serious threat to the business. Undertaking ISO 27001 certification increases the board’s accountability for IT security by allowing them to see the risks firsthand.
Every company could potentially suffer a cyber-security breach, so you must be aware of your risk profile. If you understand the risks, implement the appropriate controls and have a documented procedure to protect your business from breaches and their aftermath, you can keep that risk at an acceptable level.
Robert Rutherford, CEO of QuoStar