Addressing cyberattack threats, breach points, policies, company readiness, and recovery.
When we asked businesses about cybersecurity threats, breach points, policies, company readiness, and recovery, we were surprised at the responses that we received. The most frightening response of all was the following:
“We have no formal process for assessing readiness to deal with a cyber attack of any sort.”
Hindsight is always 20/20 – how many times has something happened that you could have and should have prevented? There are five questions every company should ask themselves, at least twice a year:
- What are our current cybersecurity threats?
- What are common breach points within our company?
- What are our current cybersecurity policies?
- What is our company’s readiness for a cyber attack?
- What are our recovery policies in response to a cyber attack?
It’s easy to sit back and think that threats and attacks only happen to other people and other businesses, but not to ourselves. Living in a state of paranoia can be beneficial to the security of your company. Former Intel CEO, Andrew Grove, once stated that “Only the paranoid survive”. Knowing all you can about current and possible future attacks helps you to understand why and how you need to be prepared.
With 2 million new malware attacks launching every day, we need to be constantly alert. Recent examples of extremely dangerous cyber threats are the Meltdown and Spectre bugs, which allow potential attackers to access to private data. Forbes magazine reports that the five cyber threats to look out for in 2018 are ransomware attacks, crypto jacking, education and healthcare cybercriminals, and malware attacks.
Cyberattack Sources Of Breaches
Cyber attacks could threaten your business through a few different sources. For example, employee mobile devices make up for 51% of all cybersecurity breaches, which is extremely troubling, given that there are nearly as many employee cell phones as there are employees themselves. Another possible source of a breach is Internet of Things devices. Together they make up 87% of all the cybersecurity breaches.
Cybersecurity policies should be in place to ensure that the company as a whole is all in agreement on what the threats are, how to avoid them, and how to respond to one. Employees should be trained to know how to report a possible cyber attack, as well as how to prevent one.
For example, employees should be taught to always look for e-mails that are suspicious, such as those that include simple grammar mistakes or excessive punctuation. Employees should have policies in place such as how to flag or report a suspicious e-mail. Additionally, employees should all be trained on the importance of avoiding opening or clicking on suspicious e-mails or links. Spectre and Meltdown use these emails as vehicles to reach your prized data. If you limit their transportation, you’ll better protect your data.
Cybersecurity Attack Readiness
To check your business for its readiness to handle a cyber attack you should see which of the four main categories your company falls into. Is your organization’s readiness passive, reactive, proactive, or progressive? Passive means that your business is not prepared for a cyber attack – you just hope that it won’t happen. Reactive means that while you aren’t ready to protect against a cyber attack, your business is prepared to react to one. Thirdly, your business is proactive if you are prepared to respond, while also seeking to avoid future attacks. Lastly, your company is progressive if it has deep cyber attack prevention, protection, and reactive capabilities in place.
Recovery From Cyberattacks
Once a cyber attack has occurred, you need to have a policy in place to immediately begin recovery. Cyber attacks have four main effects. In the aftermath, most businesses will see a reduction in their operational abilities, downtime, reputation, and revenue. After a cyber attack, 39% of companies reported a decrease in operational capability as their leading complaint. Downtime came in second with 37% of businesses reporting it as the primary effect on their company. Effects on the operation, and downtime, ultimately result in lost profits. It’s reported that 44% of companies estimate that they could lose over $10,000 within just one hour of downtime.
To protect your business, you need to look at the problem from all sides. Ensure that you and your staff are well trained, and remain vigilant against any cyber attack that could affect your company. Have policies in place, to ensure that staff is proactively working to protect the business’ data, staff, and clients. Should a cyber attack occur, your business should be ready to not only combat it but also recover from it?