Why Hesitate? Cyber Resilience Makes Business Sense
A successful cyber-attack takes several weeks to recover from. So, let’s be conservative and ask ourselves a few questions.
What would it mean in your business if you couldn’t trade for one week?
No data, no systems, no orders…CRISIS!!
Now add the stress of understanding where your data is, who you need to notify and which regulators you need to speak to.
Is taking no action worth the business risk?
Have you considered what your response would be to the words: “We have been a victim of a cyber-attack!”
Do you run into the distance with your hands over your ears, saying it isn’t so, or is there a solid cyber resilience plan that kicks your incident response into gear? Your incident response plan is one important part of your total cyber resilience readiness. No matter how big your business is, everyone must be prepared.
No matter whether you sell product, manufacture goods or perform services, you have information which is important to a cybercriminal. You must understand that you WILL suffer a breach and be ready to stop it, remediate it and carry on.
Whether or not you base your ISMS on one of the security frameworks, an important part of incident response is in the name: "response". I urge you to ensure that you are ready to react immediately. This is no time to start strategy discussions. Do not start to investigate, do not look for how it started – respond. Take action. End it before it ends you.
Numerous studies show that a successful cyber attack’s cost will run into the millions. Let that sink in for a while. Most businesses today do not allocate anything other than lip service to cyber security, with the National Cyber Security Centre saying that most small and medium businesses spend less than £500.00 per year on cyber security. In most surveys and responses, boards of directors and management say that cyber threats are one of the biggest risks to their organisations, and larger entities put this into their annual reports – but they still massively underinvest in cyber security.
What impact will a £1 million loss have on your business?
Cyber security is a business risk; it is not about IT, and it is not about tech. This is because we are hyper-connected, and our businesses and people are part of an always-connected world. Our people interact with both business and personal platforms all the time. Does your cyber resilience methodology give you visibility of all this activity?
Do you have visibility on what everybody is doing, both on and off your network? If you do not know what goes on day-to-day, how do you even know whether you’ve been breached, and how can you say you are secure?
Cyber resilience is critical in the modern work-from-everywhere world we find ourselves in. The ability to take action is more critical.
We cannot continue to do things the same way in a new world. Cyber resilience provides visibility to protect your digital assets. This in turn allows your team to do their work and tells your suppliers and customers that you care about their data and security.
Incident response starts long before any incident, and using a proven approach to resilience will mitigate the risk of an all-out breach. Some processes are simple, many are straightforward.
Sadly, most will simply speak but do nothing and, when the call comes, run screaming into the distance. Do not get caught up in strategy sessions which yield no actions. Do something – act now.
#letstalk
John Mc Loughlin