What business leaders need to know about cyber security right now
If you are a founder or a business leader, you probably won’t have time to delve into the fast-expanding universe of contemporary cyber security. But there are certainly things that you should know about in your position. What may be most helpful is to concentrate on a small number of cyber security ‘home truths’ that can help you navigate conversations about how to protect your business and keep it moving in a world of rapidly evolving threats.
These ‘truths’ should help you ask the right questions, identify priorities, and make the best decisions about your cyber security programs.
The threat today is often highly sophisticated
At the sharp end, you are not only up against insider risks such as a rogue or disgruntled employee, but also dedicated teams of commercial hackers working in a professionalised shadow ransomware industry. These are highly organised individuals and groups who work in glass-walled offices, just like our own. They have finance departments, managers, and sophisticated channels for different services. Specialisms exist for each stage of the offensive operation, such as initial access, malware development, stolen data management and ransom negotiation, to name a few.
Are you up to date?
The cyber security threat landscape is constantly changing. Organisations that haven’t reviewed their security systems and processes since the pandemic should prioritise a review. Protective and defensive standards continue to evolve on a day-by-day basis in response to new offensive tactics.
This needn’t mean changing everything immediately, but rather identifying the things that are most important to your business and the associated controls around them. For a private equity firm, this risk-driven threat modelling approach might include adding stricter data leak controls around sensitive board minutes; for a law firm or barristers’ chambers, it might include detecting and preventing client information leaving corporate systems. With operational technology playing an increasing role in everyday manufacturing, the automated machinery on which such businesses rely is a new front of vulnerability and risk.
Operate on the assumption that you will be breached. Approaching the risk from this ‘assumed breach’ perspective helps with the essential legwork involved in sharpening your incident response and business recovery plans. As a leader, you need to check and double check these are in place and are regularly tested.
One recent shift that’s important to understand (and to impress on others) is that security should be heavily focused on the employee’s or worker’s identity, not just the organisation’s office perimeter. This is a significant development in terms of external risk as organisations adopt more SaaS cloud services. Threat actors continue to target these systems, aiming to gain access to cloud-hosted data through compromised identities.
Today, response is as important as protection
One of the largest challenges around a data breach is determining the scope of the incident. If you are breached, and you can’t quantify the extent of the information that has been compromised, you must assume – as investors, insurance companies and regulators must assume – that all data on impacted systems has been compromised.
This is why having the right levels of logging and proactive monitoring is so important. Without the right tools to capture the details of an intrusion when it occurs, organisations will struggle to accurately determine the scope and impact of a breach.
What can I do about all of this?
Lots. Fortunately, security capabilities are continually advancing and can protect your business without constraining it. Get the latest advice, training and simulations to make your business stronger. Talk to Doherty Associates. We’ll help keep you safe and resilient while you get on with your core business.