Many companies spend huge amounts of money on cyber security. Yet security breaches keep happening over and over again. And they will continue to happen as long as security is seen as a one-off task.
Today, every business is a target. Over the past ten years, the evolution of cyber threats has been driven by monetary gain. Business assets are worth money, whether it is your customer data, your personnel information, your intellectual property or your access to infrastructure. There is always someone who is happy to take it when offered.
Data breaches and cyber incidents are costly – both in terms of direct or indirect costs, and the potential for brand and reputation loss. If your business is in Europe, it is time to act before the EU’s General Data Protection Regulation enters into force on 25 May 2018 and brings with it the potential for fines and legal consequences.
It doesn’t take much to get hit by a cyber threat today. The majority of threats out there are still distributed broadly and utilize vulnerabilities that are already known. On top of that, the risk of targeted attacks and advanced threats is increasing, and also concerns smaller and smaller companies. And in today’s collaborative world, the company you are partnering with may be used by attackers as an entry point to your own organization or vice versa. You no longer have to be a global enterprise to get hit with a targeted attack – anyone can be a target.
In order to control and minimize the risk and to deal with cyber security professionally, you have to run through the whole process of holistic cyber security:
- Assess your situation, understand the cyber risks that exist for your company and do a proper assessment of where you stand with regard to security. In other words, you need to create a clear understanding of your attack surface.
- Based on your assessment, take all the measures you can to reduce the attack surface and protect yourself from all the threats that are already known. By taking these preventive measures you can filter out the bulk of threats and reduce the risk of incidents to a minimum.
- As attackers are smart and often have new, unknown attack methods at their disposal, preventive measures never provide 100% protection. Hence it is important that, when something unknown hits you, you are able to recognize these incidents quickly and contain them before they can do damage.
- Finally, you need to have the processes, tools and routines to quickly react to these incidents and minimize the damage they can cause. Additionally, it is vital that you understand how they happened in order to prevent them in the future.
Often a company’s cyber security efforts are triggered at step 3. Companies detect a breach and then start to run the cycle from there. This is reactive. If you want to get it right from the start, you begin with the assessment.
Want to learn more about the holistic approach to cyber security? Check out our webinar series:
- The big picture: 10 reasons why organizations keep on failing in security management
- Prevent: Prevention is the corner stone of cyber security
- Detect: How to detect a cyber security breach?
- Respond: Got hacked – it’s too late to run now
- Predict: How do you predict the threat landscape?