Many business owners are aware of the dangers of cyber attacks, but do they know what it means to be cyber-resilient?
Recently Pitcher Partners sponsored the AICD’s Directors’ Briefing in the Hunter Valley on the topic of cyber-security. Whilst larger businesses have dedicated CIOs who focus on cyber security issues and keep abreast of the latest types of attacks, it was made clear that no one is truly resilient to cyber attacks.
Whilst this might be an old chestnut, it is still at the top of the agenda in boardrooms. The AICD presentation was a timely reminder for many of us to take stock of what it means to be cyber-resilient, and I wanted to share some of the key messages with all business owners:
No business is cyber-safe – large, medium or small. The trick is to be resilient which means businesses need to have the ability to deal with an attack well and quickly.
Understand why someone would want to attack your business – what is of value? Assess the information you hold. Most attacks are for monetary gain. What have they got to gain from your information?
Educate your staff. Make sure they follow good security behaviours and remind them regularly. Simple things like not clicking on attachments from an unknown sender can make a huge difference. Cybersecurity should be a ‘whole of business’ approach.
Make sure you have the ability to detect whether you have been attacked in the first place. Victims often don’t know they have been “hacked” until weeks or even months after the event. This is about ensuring you have the right software, offering the right security information and event monitoring for your business. It is good practice to carry out regular vulnerability scans and penetration tests. These will also help you identify any weaknesses that may be exploited and allow you to address them before they become an issue.
Cyber threats are evolving and so should your business’s response. Security risk should be a top priority on your executive/board agenda. Conduct risk assessments in relation to your cyber-security.
Unfortunately cyber attackers have managed to stay a step ahead of the cyber defender. No protection system or cyber-security culture can guarantee absolute protection. However, the adoption of “holistic” cyber resilience will substantially improve a company’s chance of managing cyber risks and reducing the damage to the company’s reputation, credibility and the bottom line.