What is “cyber” and why should I care about “cyber attacks”?
Seemingly everywhere nowadays we hear and see “cyber” more and more. In the information security industry, we like to joke that every time someone says “CYBER!” … somewhere a puppy gets kicked. So, please try not to overuse the term.
Joking aside, the Oxford definition of cyber is “Relating to or characteristic of the culture of computers, information technology and virtual reality.”
What does that really mean? It means computers are everywhere and we live in a culture that relies upon them. From the ones that might make our morning cup of coffee to the ones we carry around in our pockets to the ones that control our modern vehicles, computers are all around us.
As business owners, we heavily rely upon computers to conduct business itself.
Resistance to computers is appropriately dead in business; we are in it for the long haul now. What we must do is be cognizant of the business benefits of cyber while paying special attention to the risks.
You should care because it’s never a question of “if” you will be hacked; it’s more a question of “when.” Business leaders need to be able to understand what the acceptable risks are when it comes to cybersecurity and properly insulate themselves and work to mitigate unacceptable risks.
While moving at the speed of business, basic industry standards for backup, recovery and disaster planning are not being met. This can be because of ignorance of the threat, lack of funding, too few resources or misaligned priorities.
Our consultants respond to all types of information security incidents and conduct 24/7/365 business-tailored network security monitoring. A recent incident we responded to involved one click on a phishing email by an overprivileged user, resulting in a near-complete loss of company data since the beginning of this company’s conducting business electronically; that, ladies and gentlemen, is a business-crippling event (and a “resume updating” event for the IT staff, I’m sure). While we were able to assist in complete restoration of the ransomed data, I’m positive the business leaders will not soon forget this incident.
The takeaways here are to embrace information security and the cyber culture but ensure you have the basics in place and understand how a cyber event can impact your business.
Depending on your market vertical, regulations and compliance might force your hand when it comes to cyber preparedness. Basic information security hygiene includes but is not limited to a business continuity plan, a backup and disaster recovery plan, asset inventory, patch and configuration management, and continuous vulnerability assessment.
“Cyber!” and defending against cyberattacks don’t need to break the bank, no matter the budget. Taking a practical approach to information security awareness and maintaining basic “cyber hygiene” is step one. And of course, if you need a helping hand, Rendition Infosec is right around the corner.