Page 66 - Cyber Warnings August 2017
CYBERSECURITY CULTURE IN YOUR BUSINESS: 10 STEPS TO CREATE IT
By Vera Salauyova, PR manager at Falcongaze company
The number of cyber attacks is growing rapidly, and headlines these days are all about more
and more sophisticated data security threats. Cybersecurity incidents always result in huge
financial and job losses, reputational damage, and civil litigation.
Take a look at the statistics of Kaspersky Labs: 90% of companies have already experienced
a data breach, with an average cost per incident of $3.6 million. The Ponemon Institute adds that
27.7% of businesses surveyed will likely suffer one more breach in the next two years. Despite
these frightening numbers, companies still neglect basic cybersecurity rules and leave their
systems and confidential information extremely vulnerable.
Indeed, in the present situation it is impossible to stop hackers, but there is a mixed approach to
data security that combines data management, principles of information security and
information governance. This approach will help to create a cybersecurity culture in your business,
and it consists of ten key steps:
1. Never cheap out on technologies and training
First, train your employees constantly, deploy DLP software and establish business processes
and subprocesses properly. This will help you to avoid huge financial losses connected with
incident response and remediation. It will also reduce the fine imposed on your company and the
costs of lawsuits, and soften reputational damage. Never conceal the fact of a breach; report it
to the authorities immediately. Act decisively and coherently, because inaction only increases the
damage after data loss.
2. Examine and use Information Governance best practices
The Compliance, Governance and Oversight Counsel, together with the Information Governance
Reference Model Guide, have recently developed Information Governance best practices. To
completely protect your data, study these practices and identify your data, its value, its location and
the users with access to it. Then protect only the really valuable information in your organization and
delete data that you don’t need.
3. Don’t live by compliance alone
Meeting compliance requirements is essential in cybersecurity, but a compliance-only mentality is
totally ineffective in the modern, constantly changing cyber threat environment. It won’t reduce the risk
of a cyberattack or help to improve incident response.
4. Call on all possible resources
Top management and chief information security officers are not the only ones responsible for quick
incident response. Engage all the members of your staff: human resources, communications, information
technology and security teams. Working together is therefore a core factor of success.
5. Be aware of third-party threats
Any business consists of a chain of technologically independent computer users, so any computer
in this chain can be used to exploit the others to which it connects. Any contract you sign with third
parties must include rights, obligations and possible penalties related to using, spreading and
securing sensitive information. Collaboration in attack response must also be governed by legal
principles.
Copyright © Cyber Defense Magazine, All rights reserved worldwide.