Cyberattacks are inevitable. Every organization at some point will be required to deal with a cybersecurity breach and its consequences. The impact of the incident will vary depending on how the company responds. A decisive and coordinated response will minimize operational disruption and ensure a swift return to business as usual but this requires practice.
Cybersecurity Is A Business Risk, not an IT problem
Many executives still think that a data breach is an IT issue, however, cybersecurity is actually a business risk, such as a sexual harassment claim, environmental disaster, whistleblower misinterpreted gesture or something said that was taken out of context. If not handled well can jeopardize the company's reputation and bottom line.
Rising threats are pushing companies to try new defensive techniques and tools in 2020, which will increase cybersecurity budgets at many firms. Across industries, average spending on cybersecurity is 5% to 8% of the overall technology budget, according to research firm Gartner Inc. and reported by The Wall Street Journal.
It is time to change your company’s approach to cybersecurity and work hard at changing the company’s culture to become more vigilant, why?
Medical Practices Are Closing
A cyberattack can paralyze a healthcare practice, compromise the security of patient records and impact patient safety. In fact, last year, Brookside ENT and Hearing Center in Battle Creek, MI permanently closed its doors after hackers deleted all their data after it decided not to pay a ransom.
Data is being stolen from school districts and local governments
Cyberattacks against schools and local governments are growing in both number and sophistication. The Rockville Centre Schools (NY) paid $90,000 in ransom to hackers that had encrypted all of the district's files while an attack on Atlanta’s system paralyzed the city for days.
Small Utilities
Deloitte recently identified energy, and more specifically, utilities, as among the top three sectors targeted for attack in the U.S., with more than a dozen utilities in the U.S. were targets, many located near dams, locks and other critical infrastructure.
No Excuses
Your budget, or lack thereof, and staffing should no longer be the main barrier to becoming cyber secure. There are a number of key steps that anyone can take to protect itself from the inevitable next wave of attacks, including:
Make sure software patches are routinely applied.
If possible, only use supported operating systems and other software.
Utilize anti-malware and antivirus software tools and services.
Back up your critical data.
Know the laws affecting your industry around data breaches.
Train your employees on how to spot phishing emails.
Create a cross-functional incident response plan.
Practice responding to a cyber-attack in a tabletop exercise to be able to hit the ground running when this type of event occurs.
Establish or enhance relationships with law enforcement and other critical partners.
In the end, knowing that you are vulnerable and planning for it will protect and even enhance your reputation in the long run.
Prepare to be attacked
To help companies deal with the constant threat of data breaches, executives must make it a priority to understand where they are vulnerable and how to plan for an inevitable attack. This includes:
Identifying vulnerabilities;
Creating a guidebook to help them through a crisis;
Testing where they are vulnerable through pentests and phishing exercises;
Simulated training;
Media monitoring; and,
Crisis management planning.
To schedule a risk assessment and start crisis planning contact North Coast Strategies for a risk-free conversation.