The age of Artificial Intelligence, Machine Learning, Autonomous Vehicles & Quantum Computing translates to bigger risk for businesses of all sizes. While widely reported hacks of large corporations such as Marriott, Equifax and Uber have made headlines, less well known is the multitude of breaches at midsize businesses, which are increasingly landing in the crosshairs of cybercriminals. From ransomware attacks and identity theft to intellectual property risks, privacy concerns associated with the increased use of digital currency, and the lack of a digital transformation strategy, the security of electronic information is set to remain among the biggest challenges facing companies in the 21st century.

Cybercriminals behave much like a mutable disease, continually evolving, pushing new boundaries, finding vulnerabilities and subsequently exploiting weaknesses. Some of the most prominent attack vectors are:

 

  • MALICIOUS E-MAILS
  • PHISHING
  • EXPLOITATION OF SUPPLY CHAINS
  • RANSOMWARE
  • CRYPTO HEISTS
  • CRYPTOJACKING
  • DDOS ATTACKS

Based on some market surveys and studies, some C-level executives might be overly confident in their firms' internal abilities to thwart an attack. The reality, based on actual incident reports, is proving that confidence to be misguided.

Obtaining a comprehensive cyber risk assessment allows an organization to understand the current state of its cyber program, identify potential gaps and risks, and ultimately implement an effective cybersecurity framework. In order to properly manage and address cyber risks, organizations must evaluate and address the following:

  • Application Security
  • Data Protection
  • Infrastructure Management
  • Event Management
  • Third-party vendor management
  • Identity and access management
  • Vulnerability management programs
  • Culture and awareness
  • Benchmarking
  • Compliance
  • Incident response planning
  • Cyber liability insurance
  • Cybersecurity steering committee

It is abundantly clear that most C-level executives and board members don’t know enough about cybersecurity or are not provided an accurate portrait of the risks the company is facing every day, whilst others are suffering from a “knowing all” versus “doing” gap. It is also clear that many might be well aware of the risks but, for one or more reasons (often short-term financial motivations), choose not to do what needs to be done in order to reduce the probability and/or impact of a cyber breach in their organization.

In summary, the cyber security challenge is real and growing. Businesses are a major target for data breaches, and organizations might lack the resources to understand and detect threats. Companies must place an increased focus on data threats and consider new strategies to protect employee, customer and company data, and preserve confidence in the business and its reputation.

TOP FIVE QUESTIONS YOU SHOULD BE ASKING YOURSELF.

  1. WHAT IS THE ORGANIZATION'S OVERALL RISK OF A DATA BREACH IN TERMS OF PROBABILITY OF OCCURRENCE AND FINANCIAL IMPACT?
  2. HOW MUCH CYBER LIABILITY INSURANCE COVERAGE DOES THE ORGANIZATION NEED TO PROTECT ITS FINANCIAL INTERESTS?
  3. WHAT ARE THE FINANCIAL PENALTIES FOR FAILURE TO COMPLY WITH REGULATORY REQUIREMENTS?
  4. DOES THE ORGANIZATION HAVE THE RIGHT PEOPLE TO MAKE INFORMED BUSINESS DECISIONS ABOUT CYBERSECURITY?
  5. DOES THE ORGANIZATION HAVE AN APPROPRIATE DATA PRIVACY PROGRAM AND INSIDER-THREAT PROGRAM?