What can business leaders learn from a cybersecurity breach?
Last updated on April 15th, 2020
Because attacks against IT infrastructure are typically all about money, they are becoming more frequent and more sophisticated. A cyber-security breach is, at best, embarrassing; at worst it can destroy a business.
As with business continuity, a significant percentage of business leaders do not take cyber-security seriously until they get burnt.
It can be difficult to believe that your business is at risk, as many assume attacks are mainly focused on banks and large firms. However, if hackers can exploit your business data for financial gain, then you will be a target, no matter what size your business is or what sector you operate in.
Even relatively simple attacks like ransomware or data theft for blackmail can cause havoc within an underprepared organisation. The Internet is global, and a focused individual sat in a bedroom somewhere will be delighted to receive £2,000 for perhaps 20 hours work.
Learning from a cyber-security breach
A good way to demonstrate the potential damage a cyber-security breach could cause is to have an independent red hat and white hat attack or audit carried out by a third party. It really highlights the danger when the CEO is presented with printouts of their emails, pictures of their family, salary information and the like.
Another sensible way to engage the C-suite is to undertake ISO 27001 certification. A significant part of the standard is to list all the risks associated with every part of the business. After this, you need to assign controls to mitigate those risks. You will then need to present the full set of potential risks and controls to the CEO or another C-level executive and explain them. It is up to the CEO or senior executive to decide whether to invest in the controls or accept the risk.
All too often you will find the responsibility for cyber-security placed solely in the hands of the IT Director or another senior member of the IT department, but really it must be dealt with at board level – just like any other serious threat to the business. Undertaking ISO 27001 certification increases the board’s accountability for IT security, by allowing them to see the risks firsthand.
No company has zero risk of a cyber-security breach, so it’s important to be aware of your risk profile now. If you understand the risks, implement the appropriate controls and have a documented procedure to protect your business from breaches and their aftermath, you can keep that risk at an acceptable level.
Robert Rutherford, CEO of QuoStar