You’re sitting in the boardroom of your business after a cyber attack has successfully penetrated your defences, unsure what to do next, writes Guy Golan, CEO of Performanta.
Many cybersecurity experts will tell you that this next 24 hours is the most critical time to act. It’s not.
That isn’t to say it’s not important to have comprehensive processes and innovative tools in place to deliver immediate action once the first signs of a breach occur. It’s just that every minute spent strengthening defences ahead of the ‘golden 24 hour’ period counts just as much, if not more.
To combat modern-day threats, cyber strategies must be a blend of proactive and reactive approaches to effectively lower the risk and limit the impact of a data breach. Companies need to think beyond cybersecurity and ask the question: have I made my business as cyber safe as I can?
But where to start?
Step one: Identify the threats
The minefield of cyber threats is becoming ever more dangerous as adversaries get bolder and more sophisticated over time. Attackers have an à la carte menu of threat methods to choose from, ranging in complexity and time scale – and naturally, it has become impossible to predict which one will be used and when.
When the repercussions of an attack can reach monumental scales, the pressure increases ten-fold to deploy innovative defence mechanisms. Some of the consequences include financial costs of getting systems back online; the time and money required to recover lost assets; any regulatory implications because of compliance failures; and the long-term damage to business reputation of experiencing a breach.
While predicting the precise nature of attacks is out of the question, the data and trends recorded over the years is invaluable and gives some insight into what enemies are lying in wait beyond your network boundary.
Step two: Choose the right platform to get the right data
Investments made into cybersecurity are on the rise, yet the number of successful breaches is increasing right alongside. It’s therefore unsurprising that businesses’ natural approach is to jump straight to damage mitigation through reactive defence measures. If we can’t stop them, then we can at least try to limit their reach.
However, in the long run, this will greatly limit organisations’ abilities to block incoming attackers. During those ‘golden 24 hours’, if your cybersecurity strategy is predominantly built around reactive defences, your time will be spent getting systems back online, expelling the intruders from your network (if you can identify them in time), all while trying to keep the business operating as best as you can – in short, you’ve lost the battle before it’s even begun.
The aim should be to reduce the amount of ‘golden 24 hour’ periods your business experiences, and limiting the potential size of an attack to reduce the amount of time you’ll spend on getting back to business as usual.
Combined with the knowledge you have gained in identifying the threats to your business, you can begin implementing technological solutions. All you need now is a comprehensive strategy to bring everything together.
Step three: Align with the right strategy
Addressing your business’s cybersecurity is a daunting task, with teams often overwhelmed by the incoming risks and subsequent needs to evolve defences from both a prevention and mitigation standpoint.
Complexity is the enemy of cybersecurity. Overcomplicating strategies is easy to do, but equally easy to avoid. Bring it back to logic – if a cyber breach is inevitable, what’s the minimum level of operation that you’d want your business to be able to continue working on?
Be part of something bigger, join BCS, The Chartered Institute for IT.
This is where the concept of ‘cyber safety’ comes in. On a basic level, Cyber safety is a continuous process, using real-time, accurate and relevant data to analyse moving risks within an organisation and presenting the findings in an accessible way for all levels of the business to understand and make accurate decisions.
Where this approach differs to traditional cybersecurity strategies is in its end goal. Cybersecurity is used to lower the risk and limit the impact of a cyber breach on your network, whereas cyber safety intends to lower the risk and limit the impact on the business itself, taking defence to a deeper level. So, while being attacked is inevitable, being cyber safe means businesses can carry on operating in the event of a breach.
Essentially, the cyber safety approach helps organisations maintain efficient operations during those golden 24 hours, while the reactive measures work behind the scenes.
The result: the perfect blend between attack and defence
While there is no silver bullet for cybersecurity, there is always room for better cyber safety and posture. Your most powerful assets are knowledge and intelligence.
Channelling cyber safety means understanding the importance of contextual data in helping the board and key stakeholders make informed business decisions to become cyber safe. Those golden 24 hours after a cyber attack is a time of stress and uncertainty, but forward-thinking organisations who recognise the value of preventative security will fare better when tested.
Cyber safety requires the business to work as one entity, where all board members and stakeholders have the same understanding and therefore the same responsibilities. It’s no longer enough for businesses to feel secure; they need to feel safe.
About the author
Guy Golan is CEO of Performanta. Founded in 2010 with Offices in the UK, North America, South Africa and Australia, Performanta employs over 140 people globally with an amalgamation of over 1,000 years of experience, servicing satisfied customers in more than 50 countries worldwide.