Unless you’ve been living under a rock for the past year, you are aware that cybersecurity is a serious issue. Over the past twelve months, an internet titan (Yahoo), Britain’s legislative body (Parliament) and the national organization of one of the two major American political parties (DNC), the largest credit bureau in the US (Equifax), and businesses on six continents simultaneously (WannaCry) have suffered cyberattacks.
The volume of damage inflicted by these attacks has created a fervor around cybersecurity and displayed its impact on everyday life. Hundreds of millions of people’s personal and financial information has been exposed, as have the inner workings of political organizations and government operations.
However, there is silver lining to the imposition of cybersecurity into the public conscious, namely that cybersecurity is recognized as a legitimate and urgent issue.
However, recognition of cyber threats does not equate to actual security. According to a recent survey from Clutch, 94 percent of companies claim to have a cybersecurity policy in place, yet over half have experienced some form of cybersecurity attack over the past year.
Beyond recognizing cybersecurity as a priority or simply having a formal policy in place, businesses need comprehensive guidelines and processes that prepare and protect businesses in the case of cyberattacks.
Money Isn’t the Problem or the Whole Solution
Large-scale cyberattacks are scary, and the more common they become, the more they cause businesses to fear they will be the next to suffer from an attack or breach.
This brand of fear breads kneejerk reactions. However, it’s important that businesses avoid singular, grandiose investments or overtures to try to their unilaterally shore up their cybersecurity.
To be clear, investment certainly improves cybersecurity prospects. However, simply throwing money to fix security shortcomings is not a viable solution. Equifax was hacked because they didn’t stay informed on updates to their security software, and as a result, failed to patch a known vulnerability. Emails of parliamentary staff were hacked because they lacked 2-factor authentication. These failures in cybersecurity policy and approach were caused by oversight, not underfunding.
“Brilliant Basics” are the Building Blocks of an Effective, Layered Policy
Accenture, in their 2017 “Cost of CyberCrime” survey, encourages businesses to use “brilliant basics”, like security intelligence and advanced access management protocols, as the basis for their cybersecurity policy.
The logic that dictates the “brilliant basics” is clear: Crawl before you walk. Cybersecurity is a multi-layered business process that requires thorough monitoring and maintenance, strategic investment, and constant iteration to stay on top of the most recent threats.
The “brilliant basics” act as the first layer of a multi-layered policy. Restricting access to company systems to exclusively authorized personnel and installing proper security software are great first steps to reducing internal threat to a business. Once internal threat is minimized, businesses can focus on building out strong defenses to deter malicious external attacks.
The more elements and layers added to a cybersecurity policy, the more important it becomes for a business to keep track software updates and vulnerabilities, and to maintain and tweak emergency firewalls. Dutifully maintaining the basic groundwork of security policy is the crux of security policy that no businesses can afford to overlook.
Invest Intelligently and Diligently Maintain
Recent large-scale cyberattacks have steered cybersecurity from the abstract digital realm to the tangible concern of the public eye. With newfound attention on cybersecurity, businesses are now under pressure to ensure their cyber defenses are secure from breach and avoid the careless mistakes of firms like Equifax.
A layered cybersecurity policy founded on “brilliant basics”, along with adequate and well-targeted investment, properly defends and prepares a business in the case of a cyberattack.
Summary:
Avoid a Large-Scale Cyberattack
Beyond recognizing cybersecurity as a priority or simply having a formal policy in place, businesses need comprehensive guidelines and processes that prepare and protect businesses in the case of cyberattacks. To be clear, investment certainly improves cybersecurity prospects. However, simply throwing money to fix security shortcomings is not a viable solution. Equifax was hacked because they didn’t stay informed on updates to their security software, and as a result, failed to patch a known vulnerability. Emails of parliamentary staff were hacked because they lacked 2-factor authentication. These failures in cybersecurity policy and approach were caused by oversight, not underfunding. Accenture, in their 2017 “Cost of CyberCrime” survey, encourages businesses to use “brilliant basics”, like security intelligence and advanced access management protocols, as the basis for their cybersecurity policy.
