Cyber attacks and data breaches worsen in an uncertain climate

In these uncertain political and economic times, when businesses are faced with new and unforeseen challenges, the risk of a data breach can increase dramatically. When implementing measures to avoid potential risks, companies must ensure that they do not inadvertently put their cybersecurity or data protection policies in the line of fire.

High alert

In the current climate of uncertainty caused by Brexit, companies are preparing for all eventualities. However, as board discussions focus on tomorrow, it is crucial that they do not overlook business risks that remain very real today. Cybersecurity is one of these threats and it is rapidly evolving. In 2018, more than 40% of UK businesses fell victim to a cybersecurity attack and the number of data breaches more than doubled compared to 2017. From one year to the next, cybersecurity is becoming more complex, more expensive and more frustrating; no organization is safe from the threat of a cyber attack. Lose track of the pulse and the concern is not just the risk of a breach: the stamina needed to react will also be at its lowest. With new laws in place, such as the GDPR and PECR, companies also run additional reputational and financial risk if they are found to be non-compliant. As the recent example of Google's €50 million GDPR fine shows, regulators are cracking down on companies that lack transparency, provide inadequate information, or fail to prove customer consent. An effective cybersecurity strategy is not enough to ensure compliance.


Commitment at management level

Cybersecurity and data protection have become a board-level issue in the last decade, but increasing the level of engagement in these two areas remains an ongoing challenge. Most senior people believe that cybersecurity is too complex and technical to fit into a board meeting, even more so when there are other pressing issues that need to be taken into account. For many organizations, the answer is to give full responsibility to the chief information security officer (CISO) or increase the budget. But is more outsourced support really the most effective path for cyber resistance? For example, consider any recent high-profile breach: the hack was accomplished not by circumventing advanced security technology, but by identifying weaknesses in internal processes and personnel. And yet, at the same time, how many CISOs can offer the necessary skills and experience to effectively manage all aspects of security and compliance: from technical qualifications to management systems; practical experience in cybersecurity across people, processes and technology; and the legal understanding required to ensure breaches are handled in accordance with compliance processes?

Security thinking

Cybersecurity is not just about incredibly complex and sophisticated threats. The fact is that the vast majority of breaches are related to human error and, in most cases, poorly designed and poorly taught processes, not inadequate security solutions. The aim is to ensure that cybersecurity risk assessments are an integral part of business thinking, as in all other areas of operational risk, a process facilitated by the provision of a dashboard of incidents, how they were managed and requirements for continuous improvement. There is no "out of sight, out of mind" solution; the diversity of skills and experience required to mitigate risk in today's highly complex and data-sensitive operating environments must be implemented from the top down. Cybersecurity awareness and understanding is quickly becoming a critical aspect of business differentiation, competitiveness, and even longevity, but it is also a demand that has been bolstered by the advent of the GDPR and other legislation. What is needed is a cyber resilience model that manages the breach and minimizes the business impact. In addition to using technology to block phishing emails, for example, the board of directors must also ensure that staff are trained to recognize the signs that an email may not be genuine. They need to know how to react when they accidentally click on the email, including immediately notifying the help desk, which will trigger clearly defined escalation processes to minimize the company's exposure. Add to that a device-level backup process that doesn't allow the spread of malware, and a company has a robust cyber resilience approach to the most pervasive form of breach.


Covering all the bases

Organizations must recognize that they face a growing number of security and cybersecurity issues that cannot be ignored. Whatever the weather, a breach will have serious consequences, from regulatory action to collective action. Strategic actions must be taken to improve cybersecurity at all levels, with a cyberstability framework based on the company's understanding of risks. This will not only reduce the risk of non-compliance, but will also ensure system security, process configuration, and training to ensure compliance with data protection regulations and the best possible business responsiveness to minimize disruption.

Alan Calder, Founder and CEO of IT Governance