Can Your Business Survive A Cyber Attack?


October is Cybersecurity Awareness Month, an ideal time to examine your organization’s readiness in responding to an imminent cyber attack.

According to Ponemon Institute and IBM Security’s 2022 Cost of a Data Breach report, a cyber attack could cost a company an average of $9.44 million. This accounts for financial damage from theft of information, disruption of functions, ransomware demands, destruction of hardware and software, and corruption of data. The cost does not factor in missed opportunities or the reputational damage to the company’s brand, one of its greatest assets, from the loss of customer trust that can follow a cyber incident.

Taking stock of the latest report by Deloitte’s Center for Board Effectiveness (DCBE), this article summarizes the board’s recommendations for integrating business and cybersecurity, improving risk management and governance, and updating incident management processes so that businesses can build resilience amidst an evolving cyber threat landscape.


Integrating Business And Cybersecurity

The mindset shouldn’t be that “the IT people” are solely responsible for cybersecurity. The National Association of Corporate Directors (NACD) suggests that leaders approach cybersecurity as the organization-wide issue that it is. Consider these cybersecurity principles to improve management oversight of cyber risk:

  1. Approach cybersecurity as a risk management issue for the entire enterprise and not just a technology or IT issue. Cybersecurity may have begun as primarily a technology-centric risk, but it has evolved to become a multifaceted business issue. The ability to manage cyber risk is integral to every aspect of business operations.
  2. Understand the legal aspects of cyber risks that are relevant to the company’s own facts and circumstances. In addition to the business impacts of a breach, companies and directors may also face legal consequences that boards should consider as they set strategy and define risk appetite.
  3. Access cybersecurity expertise, from both internal and external sources, and discuss cyber risk management regularly in board meetings. Cyber risks should be communicated to the board frequently, with adequate discussion about the company’s threat landscape and risk mitigation strategies.
  4. Establish an enterprise-wide risk management framework that is adequately resourced. Confirm that the framework is implemented across the organization at all levels and that it has adequate staffing and budget.
  5. Discuss identified risks with management, including risk prioritization, appetite, and mitigation strategies. This discussion may include a review of options to transfer, through cyber risk insurance, those risks that cannot be practically mitigated.


Improving Risk Management And Governance

Establish an effective alignment between risk management and the internal governance structure to address cybersecurity on an organization-wide basis. This includes defining clear ownership, authority and key performance indicators (KPIs) among all internal stakeholders for critical risk management and reporting responsibilities.

Consider these strategies for integrating cybersecurity practices into how the business operates and makes decisions:

  1. Review the organizational structure to ensure that the cybersecurity function is adequately represented across the business, internal groups and leadership.
  2. Understand the basis for, and challenge the assignment of, important roles and lines of accountability for cybersecurity strategy, policy and execution.
  3. Set expectations that cybersecurity and cyber-risk functions are to receive adequate staffing and funding, and monitor the efficacy of these determinations.
  4. Inspire a cybersecurity culture and encourage collaboration between the cybersecurity function and all stakeholders relating to, and accountable for, cyber risk at various levels (e.g., compliance, privacy).
  5. Ensure an accountable officer has authority and responsibility to coordinate cyber-risk strategy throughout the organization and that the organization has a comprehensive plan for data governance.


Updating Incident Management Processes

Cybersecurity response strategies should include answers to questions such as: What happens in the event of a ransomware attack? How do we respond to and communicate the incident? In addition to these, newer questions may spark discussion of emerging issues. Such questions might include:

  1. What is the company’s approach to access management throughout the business? Who is responsible for determining access in each of the company’s functional areas? Which function is requesting and granting the highest number of exceptions?
  2. What is the approach to incident response in the event of a ransomware attack? What is the recovery time for the company’s most important business operations? How has the company prioritized business operations based on possible impact? Has the response plan been practiced throughout the company up to the C-suite level?
  3. When was the most recent cyber risk assessment performed, and what has changed since that time?
  4. To what extent has the risk assessment considered risks related to operational technology, not just information technology?
  5. What is the cyber assessment process for mergers and acquisitions? How has the company considered cyber risk with respect to integrating an acquired business?


Investing Is The Key To Survival

A cyber attack is a clear and present danger to any organization regardless of its size. Use this guidance to assess your level of preparedness and resilience should one occur.
