
CYBER SECURITY – Plan Well and Be Ready

Who can forget, in this digital day and age, that we are constantly surrounded by technology? It’s the last thing we see before bed at night and the first thing we experience when we wake in the morning. But all it takes to bring it to a sudden halt is one click – yes, that one innocent click on a hyperlink you assume a friend sent to you through email. It’s our human conditioning, and it is why ominous hackers like to use adware pop-ups to reel us in.

Similarly, this sentiment has a downward effect on organisations that trust their employees are aware of the perils of cybercrime. Should an employee inadvertently click on a URL link from within their company network, it’s game over.

In hindsight, anti-virus is only the first line of defence, and only against known threats; zero-day threats are ever changing, with hackers coming up with new and novel ideas almost every minute of the day. Companies that develop anti-virus software can only create definition files – files with updated protection – for known threats, and these definition files are only updated on a set schedule, created either manually or automatically on the organisation’s network servers.

There are times when it is fair to feel somewhat ambivalent about the benefits of technology. This is why hackers are now targeting organisations continuously, as it only takes one person and an unsecured network, a backdoor, to bring an unprepared organisation to its knees.

As organisations start to grow once again, the cyber threat naturally increases as more unwary staff begin to work from home, with unpatched or unsecured BYOD devices increasing the number of endpoints across more expansive geographic locations.

Countering cyberattacks is an ongoing endeavour with no end in sight, and if you want to ward off the ‘black hat’ hackers, being prepared and having processes and tools in place will make the task of securing your organisation’s IT systems less daunting.

Cyber Security is a business risk, but business owners, directors and managers are under the impression that it’s all an IT risk. Sure, you can restore your technical systems from backup, provided you have a BCP and that your Business Continuity Plan is robust and well tested. But the downside is the outage time, if your business relies solely on technology to perform commercially.

Can you imagine the business risk if your manufacturing plant is stopped for a day or two, or your finance team is unable to post any items for the duration of the outage, or, worse, the health system is brought to its knees? It doesn’t only affect your own business; think about your suppliers, customers, exporters etc.

Know your data storage…

I’m of the belief that within the organisation, both Business Analysts and IT analysts should be working on identifying processes to secure where the data resides, what data is important, who has access and what disaster recovery processes are in place.

With the advent of automated processes, ML and AI, data is the new currency and employees should be working on how this data can be secured. What data is being stored? Where? What data can you live with losing? Is your organisation bound to regulatory protections? What value do you put on your customers’ data and privacy? And is it in the cloud or on-premise?

Once organisations assess their own data security, they should assess their partners’ data and security processes. No organisation is an island.

Cyber Security should be part of the organisation’s governance and risk approach, and regular contact with the Board would enable the CIO or CISO to provide a continuous understanding of the factors driving risk decisions, companywide. CIOs and CISOs need to have a good understanding of both the business risk and IT skills and may even be part of the Board.

Preparedness…

Constantly testing your systems against a cyberattack through simulation will make an organisation more prepared should an attack eventually occur. This would not only prepare the business as a whole, but would also make the return to business normality after an attack fast and almost painless. Many organisations already run disaster recovery trials on a regular basis, so why not incorporate a simulation into the mix occasionally, as well as in between disaster recovery cycles?

Only small parts of the systems need to be tested at a time. If you don’t have the skills in-house, many cyber security firms have their own group of ‘white hat’ hackers, who would be more than willing to help identify gaps and suggest ways to improve system integrity.

Communication, too, is key, not only within the organisation but also with its customers. Customers need to be informed immediately if there is a breach and assured that their personal data is secured from any possible cyber threat.

The past ransomware attacks, which affected more than 300,000 computers across 150 countries within 72 hours, have helped cyber security evolve, but not fast enough. With the turmoil the world is currently experiencing and clandestine attackers feeding on the vulnerability, these attacks occur almost daily, and some are not widely advertised by the victims.

Many businesses lack the overall strategy to manage the constantly changing pace. IoT (Internet of Things) is becoming a more disruptive technology, where greater inter-connectedness creates more potential for pain points.

Small businesses, likewise, are not impervious to cyber hacking, with 81% of 1,000 SMEs recently surveyed fearing that their systems would be attacked this year. A lot of small businesses don’t do the basic technology infrastructure very well and don’t understand the technology weaknesses in their businesses.

For the small business layman, cyber hacking isn’t a reason to avoid hosting a website or using e-commerce. Business owners can take some very simple steps to protect their business and site and still enjoy the benefits of selling products online. It goes without saying that everybody needs to be aware, keep their security software up to date and know who they’re dealing with.

With so much information being available, whether it be government, business or otherwise – there exists the potential for it to be ransomed, misused, mishandled or stolen.

So be resilient and build up your protection strategy: technology, human resources and an organisational culture of security. It all comes down to having your rapid detection and response processes in place, and partners to assure the sanctity of your systems.