Preparing your organisation for the future: How to manage cyber risk and protect your critical data
27 February 2017
Businesses are looking at an uncertain future and are unsure how to defend against increasingly sophisticated cyber attacks on critical systems. One CEO offers tips on how to think about risk and choose your cyber security partner, so you can move forward with confidence.
Deepak Jain, CEO & Founder AiNET
2016 has been a record-breaking year for cyber attacks. Organisations of all types and sizes have been successfully targeted, from governments and political parties to transnational corporations. For individual companies, a 2016 Ponemon Institute study determined the consolidated total cost of a data breach to be approximately $4 million. Recent regulatory changes promise to make this number grow dramatically.
To many CISOs and business leaders, the increasingly murky world of cyber threats has induced fear, uncertainty and doubt. It would be easy to view attempts at cyber security as being similar to being caught in a maze, one with shifting walls and no exit. Missing an effective map has caused many companies to make costly, and ineffective, decisions about their cyber security.
Although much of the news about the future of cyber security seems grim, it is important not to panic. Don’t let fear of the unknown distract you from your company’s mission. There are a few important steps you can take that meaningfully improve your security posture, align with your operations and won’t overburden existing budgets.
First, you must determine who has access to which data and systems, and who needs to. Tightening down on your internal protocols around data access is an important first step that sets the tone for the steps to follow.
Second, educating your employees is critical. Emphasising the sensitive nature of data will ensure your fellow employees treat the subject with more care and reduce the risks of social engineering.
Training all technology users on how to recognise various forms of phishing attacks (whether web or email) and other forms of outside infiltration is important. Many successful attacks, including ransomware, malware and other system breaches, come in the form of emails to your employees, with web links that grant outside parties unauthorised access into systems.
Understanding how physical security can impact data security is critical. On servers where critical data is stored, it is important to ensure only the appropriate employees can physically access them. In situations where it would be too difficult or cost-prohibitive to secure on-site technology systems, colocating these systems with an external data centre allows you to take advantage of the expertise and physical security upgrades of an outside firm that specialises in highly secure, highly redundant environments.
It is also important to implement programmatic security measures, including firewalls, intrusion detection systems, and other forms of proactive monitoring. A disaster recovery/continuity of operations (DR/COOP) plan that is tested annually is an assurance that the business will survive the worst scenarios you can imagine.
Many organisations feel overwhelmed when confronted with how to plan for, and protect against, cyber attacks. Most are not experts in cyber security, though they are experts in their own fields. Rather than trying to become cyber experts, the best advice is to find a partner to help. Look for a company with a long track record of success, with documented expertise in cyber security best practices, excellent references, and a relentless commitment to their clients’ security.
Since 1993, AiNET has been providing comprehensive information security assurance to our clients. Many organisations, from government to Fortune 500s, value our expertise, our adherence to fundamental security principles, and our methodologies for helping them to move forward confidently to achieve their mission.
When selecting a cyber partner, base your selection on three simple rules. First, the company must know that security starts at the physical level, and have a data centre that meets your organisation’s security requirements. Second, they must take a proactive approach to security, which includes plans for active monitoring and threat mitigation. Lastly, they must be relentlessly committed to the success of their clients.
The constantly changing threat environment can make cyber security seem like an overwhelming task. With the right partner, you can rest assured that your organisation is free to pursue its mission, knowing your critical data is safe and secure.
For more information please visit: www.ai.net