Many business owners and IT directors alike are fearful of cyber-attacks. And with good reason…
As the world becomes more digitised and interconnected, there are more ways for hackers to target businesses. Barely a week seems to go by without us hearing about a significant breach in the news.
This is because hacking has become an industry. Recently, there’s been a huge increase in people willing and able to exploit cyber-security ignorance.
People tend to focus on the direct damage caused by cyber-attacks, i.e. loss of data, denial of service and thus downtime, fines from regulators etc. However, the intangible damage that can be unleashed, such as harm to reputation and trust – the cornerstones used to build a healthy brand – is often overlooked.
The question is, when (not if) your business is targeted, how can you stop your hard-earned brand equity being tarnished?
This was the subject of my presentation at a recent Converge Rendezvous Event (see my slides below). During my talk, I emphasised the inevitability of cyber-security breaches, in a world where more things are connected than ever before.
I discussed why TalkTalk’s breach was particularly damaging. There’s a lot that can be learned, not just from the irony of this screenshot of TalkTalk’s CEO pondering why her company’s IT infrastructure had been brought to its knees by a 15-year-old:
It was TalkTalk’s response, rather than the breach itself, that caused the most damage. Confusion, panicked miscommunication and ultimately perceived gross incompetence were the drivers behind the brand’s subsequent plummet in share price and reputational measures.
But most importantly, I also introduced the practical steps on how businesses can protect not just their IT systems, but their brand from cyber-security threats:
Firstly, be on the right track from the start. Cyber-security is like accounting — there are well established ways of doing things, and for good reasons. And if you get the simple things right, you’ll be better prepared for more complex issues. Find measures that everyone can understand. Time to detection is a good measure of your security capabilities (Cisco’s time to detection is 13 hours, compared with six months for the average organisation).
Secondly, classify your data. Every organisation needs to rate all its documents, images, content and data according to, for example, sensitivity, or geography. Unmarked data is hard to police.
Thirdly, secure your supply chain. Most large organisations have smaller businesses in their supply chain. Every business has a big role to play in helping downstream suppliers defend themselves and their trading partners. A chain is only as strong as its weakest link.
Draft and regularly update an Incident Response Plan (IRP). An IRP is an organised and well-documented approach to addressing and managing the aftermath of a security breach or attack. Traditionally seen as the remit of the IT department, the goal is to handle the situation in a way that limits damage. The PR / Crisis Communications and/or Brand Team (depending on the structure of the organisation) must be involved in planning a response to the variety of scenarios that may occur, in order to limit the reputational and thus brand damage.
But most importantly, get visibility! You need to think about tools that can give visibility of all of your network activity. By doing this you can use data analytics to monitor the environment and identify anomalies that could be fraudulent or malicious behaviour. What’s normal or abnormal? When do you bring in the experts? You can only execute the right decisions according to the IRP if you have the right data and the right level of vigilance. You cannot protect against what you can’t see, and it’s as simple as that.
Thinking about cyber-security can be daunting; however, with a little more understanding of where your vulnerabilities lie, you can take the right steps to protect your business. And your brand.
For those that missed the event, we're offering a Free Cyber-Security Threat Report. We’ll audit your infrastructure, identifying potential threats or undetected breaches lurking in your network. Once we know what we’re dealing with, we will be able to suggest the best critical protection for you. The below infographic outlines how it works:
To arrange your Free Cyber-Security Threat Report, visit forfusion.com/security or fill in the below contact form.
You can also join the conversation on Twitter for improving cyber-security standards and awareness using #CyberSecurityNE.