Although the beginning of November marks the end of Cyber Security Awareness Month, it is vital businesses protect themselves against an attack every day – not just in October when alertness is high.
Effective cyber risk mitigation, and becoming hard to hack, requires a comprehensive and properly resourced cyber security programme that is designed to track and evolve with the cyber threats of today and the future. This takes consideration, planning and investment.
There are a number of cyber security management frameworks available to assist with the implementation of cyber risk governance. However, to keep things clear, simple and manageable, it is suggested you focus on addressing the following areas.
1. Understand your cyber resilience
All businesses should undertake a cyber assurance and maturity assessment to understand their cyber resilience and where their risks and vulnerabilities lie. These can then be prioritised and addressed in order of the greatest threat.
2. Create a hard to hack company culture
While your team is your biggest strength, it is also an area of great vulnerability. Your team will have multiple devices in their possession that have trusted access to your digital networks. You need to protect against their errors, accidents and, sadly, occasionally, their malicious acts. This is mitigated by selecting the right team in the first place and training them how to recognise threats and attacks, and how to use their electronic devices appropriately. Consider a service like Crew Check to carry out deep and thorough background checks and the Cyber Licence to ensure a consistent level of cyber security awareness training.
3. Secure your supply chain
It is easy to assume that every one of your suppliers takes its cyber security seriously. However, this is never guaranteed. According to the Verizon 2021 Data Breach Investigations Report, which analysed data from more than 29,000 incidents, 94% of cyber attacks are delivered by email. Suppliers have trusted access to your inboxes and can be used as a proxy to reach your networks. With this in mind, you should insist on conducting supplier due diligence as a condition of entering into any contract. This is fast becoming the norm across all sectors and is a requirement of the UK’s General Data Protection Regulation (GDPR).
4. Secure against technical cyber attacks
Mutating viruses, Trojans, ransomware, spyware, distributed denial of service (DDoS) attacks – these are all digital cyber attack tools and weapons that the majority of us do not understand or know how to combat. Thankfully, there are many technical controls that can be implemented to meet the cyber challenges of today. Traditional anti-virus, however, is not the modern-day solution. Artificial intelligence (AI) threat detection and quarantine systems are the minimum standard. Cyber criminals use AI to reconnoitre and find your vulnerabilities. To defend against and beat AI, you need AI – we humans simply cannot keep up anymore.
5. Be prepared to respond
No security programme is infallible; if a cyber criminal is committed to their goal, they will find a way. The trick is being hard to hack, as cyber criminals will seek easier prey when faced with a comprehensive and coherent cyber security posture. If an attack is successful, halting it as quickly as possible should be your primary concern, so that its scope and scale are kept to a minimum.
6. Mitigate against unanticipated costs
Should a cyber attack cripple your business, you could be facing some hefty costs. These could include, for example, system repair, business interruption, delays to schedule, knock-on impact to other clients, adverse media coverage, financial damages claims and regulatory fines. This can be mitigated by good cyber insurance, but only if the right insurance is purchased with realistic cover and service levels, and the minimum cyber security standards required by the policy have been met so that it remains valid.