Yesterday the NYSE went into a free fall because of a bogus AP tweet resulting from a spear phishing attack. The stock market quickly recovered once the phishing attack was exposed. However, it was not without incident.
Due to the pervasiveness of today’s cyber threats, its time to shore up cybersecurity readiness enabling your organization to:
- detect cyber threats early
- contain breaches early
- prevent costly attacks
Let’s start with the basics to be well positioned for early detection. Conduct an internal audit of your vulnerabilities and assess your risk. Identify what trade secrets, intellectual property and confidential information is essential to the vitality of your business.
If it were stolen, lost or if access to it was blocked, what would be the business impact?
This can be as exhaustive as you have the appetite for; however, I recommend starting with the essentials and make it an ongoing process enabling you to continuously monitor and update your critical assets and the plan to protect them. Validate your list with objective parties by asking them, what in their view, would the impact be if items on your list were stolen or inaccessible.
You can hire consultants or have a discussion with your key service providers i.e. accounting firms, legal, banking institutions etc. Secondly, enlist your employees to help defeat cyber thieves. Banks have enlisted their customers successfully for years to help fight the cyber war.
Accept that cyber warfare is a team sport, so build good cybersecurity hygiene into your culture.
Many a reputation and career has been disrupted or impugned because although they were not the intended target of the hacker, employees are routinely the unknowing and unwilling patsy to gain access to the organization’s network.
Start with a security awareness program that begins with Cyber Security 101.
Enable your team to distinguish between a classic vs spear phishing attack and its impact, which devices to connect to their computers, the hazards of public wifi, etc. Choose the delivery system that offers the best cultural fit for your organization. This is that important.
In the next blog, I’ll continue the discussion on readiness for early detection.
Umesh Verma, the CEO of Blue Lance has taken on cybersecurity readiness as his personal mission in the business community. He will be sharing his technical insights to help you ask better questions around your company’s cybersecurity practice. As we continue to see cyber attacks reported in the news, look for Umesh to fill you in on what it all means, from an insider’s perspective.