
One step ahead: Safeguarding your business from the top down

04 Sep 2017

It’s never been more important for businesses to remain one step ahead of cybersecurity attacks.

Any company bound by rules and regulations has an obligation to protect the interests of its stakeholders, including its customers, against cybersecurity attacks. Failing to do so could be detrimental to its brand.

From an economic standpoint, Juniper Research findings suggest cybercrime will cost global businesses over US$8 trillion in the next five years.  

A top-level discussion

For a long time, the discussion about cybersecurity and how to handle imminent threats was only had by CIOs and IT departments.

However, the conversations about cybersecurity have started to change. Cybersecurity is increasingly being addressed by executives at board level. We have seen an uptick of this particularly in the last five years.

This has been triggered mainly by the widespread impact cyber threats have had on businesses globally. Just look to the recent WannaCry ransomware attack that infected thousands of computers across more than 70 countries including the UK, China, and Russia, as an example.

Often, however, mitigation plans against cyberattacks fail due to a lack of support from the board. But if the board starts leading the charge, it’s more likely the plan will succeed.

An Australian government survey found that if an organisation considers cybersecurity at board level, it is more likely to be resilient against attacks than organisations that do not.

In many parts of the world now, it’s mandatory for board members to have come from a security background, or at least to be security savvy. In Australia, boards will soon be held more accountable than ever before when an attack occurs.

New laws were passed in February 2017 by the Australian government that require Australian businesses and government agencies to notify the Privacy Commissioner and their customers if they have experienced a data breach. The new legislation is due to take effect in February 2018.  The decision by the Australian government follows in the footsteps of other countries that have taken similar actions. The European Union, for instance, made changes to its General Data Protection Regulation. Due to apply from 25 May 2018, businesses operating in the EU must also be transparent to stakeholders if an attack occurs.

With so many legislation changes emerging in various global markets, it’s wise for companies with an international interest – or intentions to expand internationally – to adhere to the most stringent of international cybersecurity regulations by making it a top priority at board level.

The human element

In addition to engaging the top executives, a company must take into account the readiness of the user population, who, unlike the board, may not have a great understanding about the importance of cybersecurity. A company that focuses on just the technology to implement a cybersecurity policy is headed for failure.

It’s important to ensure businesses have a well-educated user base. Part of that involves taking the entire business along the journey, especially now that insiders are increasingly putting businesses at risk.  

In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders – with three-quarters involving malicious intent and one-quarter involving inadvertent actors.  

Businesses need to provide training and education programs to help users understand the importance of cybersecurity and best practice. Coming up with a strategy and writing up a cybersecurity policy is the easy part. A strategy cannot be successful or sustained if it can’t be followed. A well-formed cybersecurity strategy that outlines basic cybersecurity hygiene needs to be clear and easy to understand, otherwise there would, naturally, be a push back – which is the worst possible outcome.

An approach many multinational companies are starting to use is humour as part of the education process. It’s easy to have a really boring training program where everyone switches off, so making it humorous can make the training and education piece of the cybersecurity strategy sticky.

Businesses can spend a fortune on technology tools, but they’re missing the point if they’re trying to address security purely with technology. It has to be people on the frontline, technology in the middle, and people on the backline.

Staying one step ahead

It’s always going to be difficult for organisations to stay one step ahead, especially as remote and cloud-based work becomes the norm.

It’s important that businesses never get complacent. It’s easy to acquire a bunch of security badges, but you need to be prepared for the constant evolution of cybersecurity, and a tip-top security policy needs to reflect that.

Listen to your peers and see what other vendors are doing to protect themselves, and learn from their lessons when they’re attacked, because it’s important to never let a good disaster pass you by.

Hiring professional hackers, known as white or ethical hackers in the industry, to hack your systems can also help businesses understand where their flaws exist.

New technologies such as machine learning can greatly assist in threat detection and mitigation. These same technologies also offer the chance for board members to take a holistic approach to security, so they can react and stop threats to their business environment in real-time.

Article by Ian Pitt, CIO, LogMeIn.
