By having a response plan in place for a variety of scenarios – ranging from ransomware attacks and phishing scams to database theft and more – companies can mitigate risk and reduce the damage if disaster strikes. The panelists also highlighted the danger of thinking that “it can’t happen to me.”
“We’ve had companies come to us as potential clients with disastrous scenarios,” Milliron continued. “The damage is so bad sometimes. The amount of work to get them back to normal — you just don’t want it to happen to you. It is happening all the time.”
Preparation alone isn’t sufficient, however. The right tools and equipment need to be put in place to make sure detection and response policies work properly. User management and training, device management and reliable access to certified IT personnel all are crucial aspects of IT infrastructure. Pietrocola recommends hiring a chief information security officer (CISO) if possible, adding that many medium-sized businesses are starting to outsource this role to virtual CISOs instead.
“The sooner you know (of a breach), the easier it is to mitigate your downsides,” Pietrocola said.
Pietrocola also pointed to third-party service platforms as potential areas of concern; proprietary business information isn’t necessarily secure just because you use a cloud-based platform. Those environments can be compromised by something as simple as user error and misconfiguration.
Similarly, partner organizations – such as a financial institution or other vendor – can open up a surprising degree of risk when it comes to cyberattacks.
According to Pietrocola, a little over half of major breaches in Q4 of 2021 could be traced to a supply chain partner or trusted third party. This means companies must account for not just their own cybersecurity, but that of other organizations they rely on.
“You’re giving (suppliers) very substantial amounts of identifiable information,” Milliron added. “They’re trusted gatekeepers of some of the most valuable data out there. Proper security and proper policies cost time and money and this is a new expense that businesses have had to absorb. I don’t know if any of us anticipated that.”
A BUSINESS NECESSITY
In the past, the business community has been hesitant to invest in cyber defense, according to Pietrocola and Milliron. However, they believe this attitude is changing as more business leaders realize the importance of defending their data.
“Bringing in a trusted security officer, even if it’s on loan for a couple hours a month at the least, is just as important as having an attorney or an accountant,” Pietrocola said. “In fact, you can argue it’s even more important. Businesses have a hard time with that expense. They see it as an expense, but I look at it as the entire defense for their business.”
Milliron echoed that sentiment. “Think of anything that could happen in a small business that’s going to cost money, and there’s nothing that will crush your business more than a well-executed cyber-attack,” Milliron added. “If you’re willing to hire a lawyer to protect you from some type of vendor dispute or you’re willing to have your accountant try to help you have less liability with your taxes, none of those things are going to cost you as much as a cyber breach would.”