How to avoid a cyber attack with catastrophic consequences28th of February 2019
Opinion by Kim Aarenstrup, Executive Advisor
How does my company avoid a cyber attack with catastrophic consequences? If you are an executive or board member in an organisation, you might have given the question some thought.
I hear too many people say that they cannot protect their company from sophisticated and state-sponsored cyber attacks. And they couldn’t be more wrong! Of course, your business can protect itself from cyber threats, including keeping the advanced and state-sponsored ones at bay. There are certain actions that you can take that will significantly reduce the risk of suffering unnecessarily painful consequences of a cyber attack.
What can top management do to prevent a cyber attack from having a serious impact on the company's earnings and existence?
To make your business resistant to cyber attacks with catastrophic consequences, you need to start with a 360-degree assessment of your organisation’s IT security maturity level. This should contain three layers of protection: the preventive layer, the detection and response layer, and the disaster recovery layer. These protection layers aim to, respectively, prevent security breaches in your organisation, effectively detect and respond to them when they take place, and quickly get you back on track when an attack interrupts your operations. You can read more about the layers in a bit more detail here.
Show your employees that cyber security has priority
The most important thing as a board member or an executive is communicating to employees that the cyber security area is a high priority for your company. If this fails, IT security will automatically be deprioritised in your organisation, which can, at worst, have a direct impact on your profits and threaten your company’s existence.
Ongoing follow-up with quarterly measurement results
Unsurprisingly, the companies that are among the best at dealing with cyber threats are those who take IT security seriously, on the same level as they treat other business-related risks to the organisation. Another important point of attention for working with the three layers of protection, is ongoing assessments of how your organisation performs within these layers, which provide you with concrete instructions for which improvements your company should prioritise. This can be tracked in the shape of reports based on quarterly assessments of important elements within each of the three layers of protection. A great tool that can help you with these assessments could, for instance, be the NIST framework.
Keep in mind that avoiding the catastrophe is not about perfecting everything within IT security. It's about appropriately prioritising your efforts and making improvements in areas that matter the most. And that requires insights and an overview of your security maturity!
I’ll speak more about avoiding the cyber catastrophe at our next event in Copenhagen on the 3rd of April. You read more about it and register for free here.