Checklist: How protected is your company from cyber attacks?
One of the biggest threats of an effective cybersecurity policy is to correctly identify key risks. A risk-oriented strategy and sound corporate policies can help prevent threats.
As cyber crimes rise and the cost of attacks soar each year, along with cyber insurance prices increasing rapidly as well, companies face a multifaceted challenge. The need to protect against threats that may arise from their operation, the exposure of C-Level executives, former employees, and supply-chain partners, among many others, is (or should be) a priority for any company interested in keeping their data secure.
Whilst recent studies show that cybersecurity points towards an increase in awareness, cyber crimes are expected to keep growing at an annual double-digit rate in coming years with an attack happening every 39 seconds. Most of the time, the intrusion starts with a simple e-mail, but cybercriminals are cultivating more sophisticated interventions in the form of social engineering and ransomware, amongst others.
It’s even more alarming when in this ever-changing scenario a total of 27% of C-Level executives state that their organizations are not well prepared. We made a quick checklist to help you evaluate whether your company is protected.
Map the risks
Cybersecurity is about identifying vulnerabilities, reviewing access to sensitive data, and simulating possible attacks. A cyber risk-oriented strategy must be absorbed into C-Level decision-making processes and the evaluation of third parties and their exposure to threats. Almost half of the companies that reported no breaches in 2021 adopted a risk-based approach. The enforcement of this trend will be both public and private. According to market estimates, countries that account for almost two-thirds of the world’s GDP will regulate consumer privacy rights in coming years and cybersecurity is already expected to be part of ESG reports by many investors.
Protect networks and data
A recent study found that cybercriminals can gain access to local network resources in 93 percent of cases after an average of two days exploring easy passwords used by employees. Companies must select which information they will keep, guarantee secure access to it, and dispose of it properly. It means setting up firewalls, encrypting files and regularly backing up data. Also, a zero trust network access, an approach that takes into account multiple information of the user to grant access, and the use of an identity-based segmentation represent steps with promising results.
Build a solid incident response plan
Cyberattacks cost time, money and reputation. Needless to say, some of these things you simply can't get back. It takes an average of 20 days to recover from a ransomware attack and the costs of cyber crimes are expected to reach US$ 10.5 trillion in the next three years. Despite the stakes being so high, a survey with 400 U.S. C-Level executives of mid-sized companies showed that 36% of the respondents do not have an incident response plan ready to be deployed. If your company is amongst them, this is something to be fixed as soon as possible. At the same time, incident plans must be updated and companies should consider adopting snapshot recovery to quickly restore important and sensitive data lost during ransomware.
Focus on Cybersecurity trainings
According to a recent study, human error, misconfigurations, poor maintenance and unknown assets are the top four causes of a data leak. Providing information and raising awareness of employees is key to preventing, protecting and responding to cyber threats and risks. However, Egnyte's Data Governance Trends Report Mid-Year Update states that fewer than 50% of organisations interviewed in the U.S train more than 75% of their employees in cybersecurity.
Employees should be able to identify fake warnings and alert IT when dealing with a virus infection of their computers. Regular and up to date training sessions help to avoid risks and protect company and employee assets and information. Also, companies must adopt policies regarding access and information withheld by employees and establish procedures regarding information security before they leave the organisation.