A few years ago, The Wall Street Journal estimated that cyber-crime was responsible for nearly $100 billion in losses in the US alone. This amount has been widely disputed and is believed by many to be much higher. Meanwhile, British insurance company Lloyd’s estimated that cyber-attacks cost companies in the UK up to $400 billion every year. This damage includes the direct impact of a cyber security breach as well as the post-attack disruption it causes.
And it’s only going to get worse. In addition to cyber-crime costs quadrupling from 2013 to 2015, Juniper Research predicts that those costs will increase to $2.1 trillion globally by the year 2019.
Cyber-crime is something every business in every country on every continent in the world must be mindful of. According to Ginni Rometty, the Chairman, CEO and President of IBM Corp., these types of attacks could very well be the greatest threat businesses have ever seen.
So, what can you do to protect your organization? What will it take to ensure that your business doesn’t become a part of the alarming statistics listed above? Well, it starts with creating a comprehensive cyber security incident response strategy – that is, a formal plan for proactively defending against incoming attacks that also includes a documented course of action for addressing and remediating incidents in as timely and effective a manner as possible.
That being said, here are five key steps to actively managing your company’s cyber security.
Establish ground rules.
First and foremost, make cyber security a priority and make it clear that protecting the assets of the company is everyone’s job. Establish policies and procedures, communicate them clearly and regularly and enforce them as needed. For instance, develop, institute and enforce a policy that requires all network users to create and use strong passwords. Post banners that remind users of their responsibilities and restrictions regarding the security of company data.
Get the right team in place.
Today’s cyber-attackers are as savvy and sly as they’ve ever been. They are constantly working to identify new vulnerabilities that they can exploit. In order to combat these sophisticated criminals, you must assemble a team that is dedicated to developing, implementing and managing your organization’s cyber security incident response strategy. It cannot be an afterthought or a side-venture. The team should be well-trained and provided with all the tools, technology and support they need to effectively prevent, monitor, assess, respond to and recover from any security incidents.
It’s been said that the best defense is a good offense, and perhaps in no arena is this more accurate than in cyber security. Being proactive about how you approach your company’s security can mean the difference between an attempted attack and a successful (and costly) breach. Make sure that you have invested in quality monitoring systems, including a combination of technology and skilled security professionals. The ability to quickly pinpoint a potential threat and assess it immediately, before it has the opportunity to wreak havoc, will greatly improve your odds of keeping sensitive data safe from harm.
The types of cyber-crimes being perpetrated today are far more complex than ever before. Additionally, criminals are using advanced technology to launch relentless attacks at an almost mind-boggling rate. The only sure way to fortify your organization’s defense against these ferocious onslaughts is to leverage that same technology to your own advantage. This comes in the form of automation, which provides a round-the-clock virtual army of defenders that stand at the ready to help identify, assess, verify, prioritize, notify and take action against any legitimate incidents. This instant and effective process can dramatically reduce the impact of a threat and significantly mitigate damages – all without the need for human intervention.
Be proactive about the future.
Last, but most certainly not least, it’s just as important to plan ahead as it is to be prepared in the here and now. A solid cyber security incident response strategy should also account for future attacks to further secure and fortify your defense. This can be accomplished by using the documentation from past incidents and determining best practices for future events. It should also involve regular testing and verification of existing systems, applications and security measures to identify weaknesses so that they can be adequately addressed before they become a liability.