All of us are more aware of the cyber threat now. So what do we do about it? The short answer is that we find balance. Ignoring the threat puts your business at risk. Overspending to shore up against the threat does as well. Balance between underspending and overspending is key.
How do you find the right security balance for your firm? Our advice is to build action plans based on lessons learned from the experience of others. There is now a vast body of knowledge on best practices and optimal processes that will let you make the right strategic decisions and help you find the balance required. Learning the right lessons from this body of knowledge will accelerate your action plans and help optimize your spend plans.
Cognitio works with firms across multiple sectors of the economy and in doing so has noted many lessons are broadly applicable. Every company is unique, but those seeking to efficiently mitigate risks can almost always find improvements to be made along six key vectors. We capture these six topics in the form of strategic recommendations below:
- Know the threat and know it in the context of your industry and your business. Awareness of the threat and the evolving techniques working against your peers in the industry will better inform your decisions. Right now the hot topics are phishing, ransomware and DDoS. History makes it clear, however, that as defenses are raised against those vectors the criminals will shift to other approaches. By tracking the threat you can efficiently shift to mitigate emerging techniques.
- Know and protect your most important data. Over 60% of mid-sized businesses that undergo a breach of mission critical data end up in bankruptcy proceedings. This horrible statistic is so large in part because many mid-sized businesses still do not encrypt their most important data. Identify the data that is important to you and encrypt it. Then ensure you have processes in place to limit access to only authorized users.
- Use two factor authentication for all internal and cloud services. There is no such thing as a silver bullet in cybersecurity. But this step will close off many avenues of attack and is an economical and prudent step to take right away.
- Train your employees, but understand that some of them will be tricked. Your first line of defense is your workforce. Training them on the ways criminals will try to deceive them into clicking links or downloading malicious code is an important defensive measure. But history shows us cyber criminals will work hard to find new ways to deceive. Build in defenses to help mitigate problems after an employee is deceived, which leads to the next tip.
- Raise defenses, but prepare for breach. Prudently raising defenses is key, but experience teaches us we must be ready for adversaries to surprise us. Ensure your architecture is designed to contain and detect malicious code and prevent adversaries from moving within a network. And know what you and your team will do when responding to an incident.
- Understand you can't do this alone. Cyberdefense is absolutely a team game. Network with your community, your peers, suppliers and trusted advisors to ensure you are efficiently and effectively finding the balance you need.
The six steps above can all be quickly put in place and they will start you on a path to efficiently minimize risk and optimize your security spend. They will also better position your firm for continued optimization of your security spend and for continued application of lessons learned from across the community.
Cognitio can help you optimize your security posture through an independent assessment of your program, and can help you optimize your security spend at the same time. Learn more about mitigating the digital risks to your business, or let us know how we can help by using the form below.