Today’s business leaders cannot afford to focus only on the traditional risks to their businesses but must also consider how to protect their precious corporate data from cyber-attackers, insider threats, nation state actors and even unintentional damage or deletion. Dr Michael Nizich explains how best to deal with these kinds of scenarios.
Our business interests are in grave danger and not just from traditional threats such as fierce competitors, uncooperative suppliers, dissatisfied customers or challenges in raising capital. No, I am referring to the latest, very real and pervasive threat to our most valuable business asset: our data.
If the most important asset to your organisation is its data, then why do so many business leaders keep getting the protection of that data so wrong and wind up experiencing system breaches, data theft, ransomware and insider attacks? Let’s explore some of the most prevalent reasons as to why business leaders may be missing the mark.
- Guidance & integration of frameworks
One of the biggest oversights a business leader can make regarding cybersecurity in their organisation is to assume that meeting the requirements of security frameworks such as NIST and HIPAA means that they are fully secure from cyber attacks. Frameworks are somewhat static in nature and thus are not designed to directly protect you from new and emerging threats that are constantly changing as new vulnerabilities are discovered by threat agents. A good business leader needs to embrace the guidance of a framework but at the same time integrate programmes to ensure that new and emerging threats are addressed in a timely manner.
Another reason that business leaders may be struggling is the assumption that, because they have invested in their IT team, equipment and software solutions, everything is and will be secure in the future. This assumption can lead to a false sense of security at executive level that can very easily lead to a security breach and the tragic and preventable loss of company value due to the loss of its data. Business leaders need to lead their organisations in security and they need to make sure that the personnel, equipment and software solutions they invested in are ready to be used when a breach eventually does occur.
Poor understanding of the current state of the cybersecurity insurance market and what is really covered by your particular insurance policy when the inevitable breach occurs is a major consideration for business leaders. One mistake can be not having insurance in the first place, but a bigger mistake would be having a completely inadequate policy for the most likely type of attack to which your business is susceptible. Business leaders have to spend time and effort to deeply understand their current insurance policies in place and to prepare a plan on how to implement and maximise those policies when a breach does occur.
- Ensuring the proper back-up systems are in place
Business leaders who struggle with reaching a healthy cybersecurity posture on a regular basis need to take an introspective look in the mirror and see what a threat agent sees. This may be the biggest oversight of them all. Today, dangerous threat agents assume that big companies with lots of valuable data are more likely to have stronger perimeter security measures in place and, in turn, have an alternate target in mind. Many times, that target is the smaller business that does not always have the proper back-up in place and may be the perfect candidate for a ransomware attack because it simply can’t afford to go out of business. Business leaders cannot underestimate the value of their data and certainly cannot assume anymore that attackers will simply pass them by.
Finally, business leaders will all too often focus on technology, equipment upgrades, software upgrades and patches and they will forget to make the adoption of a sustainable security culture among all employees a part of the standard corporate policy. If a business does not have a corporate culture throughout all aspects of its employee base that respects, embraces and even requires a security mindset for all corporate activities, then you are just one innocent oversight away from a severe breach and possibly a harmful ransomware attack.
These breaches usually stem from an employee who just did not understand the importance of secure computer usage. Creating a top-down culture of security that doesn’t only focus on things like online, but on a true company-wide respect for information security and putting that respect into day-to-day practice should be a top focus for business leaders in today’s world.
The cost of technology, software and personnel to protect your valuable corporate data can be daunting at best and even unattainable at worst. If a cybersecurity breach in 2023 and beyond is not only possible but probable, the question really is can we afford not to protect our data?
Dr Michael Nizich is an adjunct associate professor of computer science and cybersecurity at New York Institute of Technology and the author of the new book, The Cybersecurity Workforce of Tomorrow.