Posted on Oct 1, 2018
National Cyber Security Awareness Month is a campaign that draws attention on the importance of cybersecurity. Every October, the government, private individuals, business owners, educators and community leaders join forces to raise awareness on the significant role cybersecurity plays in the lives of US Internet users, and the world. The ultimate goal is to build cyber resilience. When sensitive information crossing company and geographic lines is a regular part of business, this challenge requires collective effort and responsibility.
Personal data value is expected to reach $1 trillion by 2020. Yet, as businesses get access to troves of personal customer information, the risk of data misuse, loss or theft surges.
In 2017, WannaCry ransomware crippled more than 200,000 computers across 150 countries. WannaCry ransomware is a widespread malware infection paralyzing business operations by targeting vulnerable systems, encrypting their files and holding them for ransom. Cyber criminals continuously seek to commercialize valuable information and digital assets. It’s no surprise that cyber attacks and data fraud rank among top five risks by likelihood, according to the 2018 Edition of the World Economic Forum Global Risks Report.
With this in mind, here are six strategies to consider for reinforced cyber resilience:
The increasing complexity and intensity of cyber-risks forces businesses to stay agile and approach data security from new perspectives.
Standard risk management and conventional defenses no longer efficiently address threats such as distributed denial-of-service attacks powered by rogue Internet-of-Things devices or paralyzing ransomware targeting critical and strategic infrastructures. To reliably predict and manage risks, we need a holistic, cross-functional approach to security that expands risk management beyond the enterprise, as well as cutting-edge technologies such as advanced machine learning algorithms to identify emerging vulnerabilities.. .
2. Accurately Assess All Risks by Reviewing Third-Parties
Awareness starts with continuous visibility. The sooner we lift the veil of ambiguity and opaqueness from our relationships with suppliers, vendors, and business partners, the healthier and stronger our connections will be.
It’s high time businesses take control of third-party risks and improve the cyberhealth of the vendor ecosystem, in addition to their own infrastructure. The first step is to deploy vendor risk management software to proactively address risk factors associated with network security, patching cadence, endpoint security, web application security, social engineering, IP reputation and more.
3. Encourage Collaboration Through Communication
With the annual economic cost of cybercrime estimated at over $2 trillion by 2019, we need to invest in cyber resilience. Cyber resilience is the ability to prepare and adapt to the evolving cyber threat landscape, as well as to rapidly recover from cyber-attacks.
At the core of cyber resilience lies collaboration. Inside the organization, multiple groups including security, legal, and business operations, need to join hands to create clear, data-driven security strategies, appoint the right people and follow informed business practices.
At a larger scale, advancements in cybersecurity require public and private sectors to find new, innovative ways to share intelligence and mitigate impact. Government and industry-led initiatives need to continue developing platforms and standards that help organizations gather, identify and share sources of threat intelligence.
4. Be Diligent in Ensuring Compliance Requirements Are Fulfilled
The first step in risk mitigation is compliance. For example, the New York Department of Financial Services (NY DFS) regulates and educates consumers on financial products an services. Some of its most important policies force businesses to assess internal risks that threaten data security, to define and follow strict policies and procedures to secure internal systems, and to quickly respond and recover from cyber-attacks.
The NY DFS also enforces the periodic risk assessment of third-party providers to ensure they follow adequate cybersecurity practices to protect customer data.
To adhere to these compliance policies and procedures, businesses need to make sure information is accessible, easy to understand, and up to date, and to coordinate dissemination of this information on all levels, from the C-suite to the front-line employees.
5. Educate on Cybersecurity Issues
Therefore, starting or elevating the conversation on cybersecurity outside the boardroom is mandatory. Empowering employees and stakeholders with data protection knowledge and making them aware of their role should be at the heart of the company culture.
Read more on how to minimize the risk of breach from social engineering attacks.
6. Lead by Example
Regardless of its size, mission or budget, every business should strive to set a good example of how to adapt and prosper in the face of high impact risks such as natural disasters or security breaches.
Put a premium on cyber resilience by investing in continuous prevention rather than response. Stay transparent about data practices. Adopt privacy by design when creating products and services and don’t forget to upskill your employees. These are only a few of the measures a thriving business should implement to show it cares about their clients’ privacy and security.
For more information on staying cyber-resilient, read our Guide to Building Your Vendor Risk Management Program.
With hackers finding new ways to attack third-parties in hopes of infecting a larger organization, the third-party ecosystem is more fragile than ever before.
The purpose of IT security risk assessment is to determine security risks to your company’s critical assets, and how much funding and effort should be used in their protection. Get started with SecurityScorecard’s step-by-step guide to managing your cyber risk.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.