Thursday, March 5, 2020

Security Connection

Each department throughout an organization (IT, sales, finance, legal, marketing, HR, etc.) needs to come together and discuss their common enemy, which is none other than evolving cyber threats and cyber criminals. This can only be done when the organization's cyber security posture is treated in a systemic way, by identifying the gaps and risks across the whole business. If necessary, consult an external cyber security expert who will review the organization's cyber risk profile and help the decision maker understand where they stand. In some cases, this discussion starts with reviewing the results of a cyber security awareness assessment, which leads to proper training and then breaks down into the specific needs of each department participating in the review process.
Devise a plan: By hypothesizing attack scenarios, develop a good idea of what is exposed, what particular types of attacks can affect the organization, which are high value targets, and what kind of vulnerabilities are present, and assess the impact in each scenario. This process not only sets the foundation for constructing a proper response plan, but also determines the recovery process within an acceptable time frame for the business. Furthermore, this process highlights any hidden weak points, vulnerabilities that slipped through the cracks and, most importantly, what needs to be reviewed further. At this stage, engaging with an expert third party allows for a faster, better, more efficient and more effective adaptation to emerging cyber threats, dramatically reducing the risk of being targeted or even breached.
Mitigation Strategy: It is not possible to know for sure or predict emerging cyber threats and the effect they will have on the business (e.g. lost revenue, reputational harm, stock price). Having rough estimates provides a far more realistic idea of what is at stake, the consequences of unrealistic expectations, and up to what level risk should be considered acceptable. The outcome at this stage will further assist when it comes to deciding on the right cyber insurance coverage. In the meantime, the mitigation strategy will involve all the necessary steps to determine what the greatest threat is depending on the particular nature of the organisation, up to what level it can be mitigated and how, and what specific investments are needed in order to avoid unnecessary future costs.

2 comments:

  1. Greetings. Thanks for this article. It really is greatly written. Because of this I was able to gain some information about this topic. It was very helpful of you for providing this. I really appreciate your work and quality content. It helped me a lot and saved a lot of my time.