Cyberspace is defined as “the notional environment in which communication over computer networks occurs.” This formerly applied only to computers, but with rapidly evolving technology, it now applies to anything with an operating system.
We have come a long way since connecting to the internet via dial-up, as today airplanes, vehicles, home appliances and other electronics can all provide a wireless connection to cyberspace. While that offers convenience, it can also be catastrophic to business because of the numerous vulnerabilities that a connected world creates. With consumer demand fueling the rollout of new capabilities, tools are not created with security concerns in mind and thus have vulnerabilities that are capable of being easily exploited.
According to the National Cyber Security Alliance, sixty percent of small companies close within six months following a cyberattack. Making matters worse, “a large percentage of organizations don’t know they’ve been breached. Many Directors and Officers view Cyber Security as an Information Technology department issue until there’s an incident and they are in damage control mode,” notes executive search firm The McCormick Group.
With the ongoing evolution of digital communication, technology, and the resulting threats, cybersecurity should be viewed as an enterprise issue and managed proactively with the assumption a breach will occur. Doing so helps create a resilient defense that both reduces the chance of a breach, while also increasing the ability to recover quickly should an attack be successful.
The following are issues that will negatively affect your cybersecurity posture if left unattended:
- Lack of security policy creation. If policies aren’t created and processes aren’t tested, then there is nothing to reference when the stakes are high and guidance is needed. Documenting your security policies will ensure everyone is on the same page and knows what to do before, during, and after a breach.
- Lack of employee information security training. The human element continues to be the weakest link in cyber defense systems. Training can help reduce this vulnerability. Ensure your employees understand their individual role in cybersecurity by providing training, testing, and continuing education.
- Limited understanding of third-party risk. The number of hackers who gain access to organizations via third-party relationships is on the rise. Research by Gartner suggests that most companies implement a vetting system for vendors that they developed internally. While this practice saves the expense of an audit, the downside is that organizations can miss red flags that an unbiased third party will be able to spot. Increasingly, new regulations require independent review of cybersecurity practices, including those around external business dependencies.
- Lack of data encryption and regular off-site backups. Despite being a basic security function, there are still approximately more than a quarter of companies who don’t encrypt their business data, and roughly 40% who don’t encrypt their employee data. When it comes to backing up your data, relying on file shares and traditional firewalls is no longer sufficient to keep this information safe. Instead, organizations should use remote and cloud-based storage options, in addition to scheduling regular on-site backups. Forty-nine percent of businesses only keep one backup copy of their data, risking a complete and devastating breakdown of business operations when that data becomes corrupted, unreadable, or in any other way inaccessible.
Even if companies address the above issues, they should not consider the challenges solved. Cybersecurity isn’t a one and done project. It needs to be tested and re-assessed on a constant basis. This is even more vital with the continued evolution of threats such as ransomware and attacks via third parties. The security foundation created by instilling a proactive and aware organizational mindset and repeatable processes will help any organization confront emerging risks and develop a more mature cybersecurity posture.