"Raise the topic of cybersecurity with any board of directors. They would all probably agree it’s a very important issue, but it’s rare that they would all agree what to do about it. Just asking a few pointed questions can create a lot of energy:
How well prepared are you for a sophisticated cyber attack this afternoon?”
EY posted a really interesting article on their blog the other day posing precisely that question. It’s a good one to ask because people in management roles tend to think of cybercrime as some far-off, speculative threat. But the reality is much more immediate; criminals can use simple email-based tactics to gain control of a company’s data in just minutes.
Why are companies underprepared?
“Research that we conducted … shows that 86% of organisations do not believe their cybersecurity fully meets their needs,” EY reveal in their post. The question that raises for me is; why are managers struggling to take control of that security deficit?
I think the answer might lie in the increasing ambiguity around the nature of contemporary threats. Being forearmed against cyber-attack isn’t just a matter of installing up-to-date virus scanners on your computers any more. The attacks causing disastrous data breaches now are instigated via subversive, subtle means that are undetectable by old-school software and basic firewall defences.
Cybercrime is evolving fast
“Cyber criminals know how to find and exploit every opportunity,” EY point out in their article. “Today’s cyber criminals use advanced techniques, to mimic executives and fool employees into sending emails or making money transfers. Businesses need sophisticated defences, now that their adversaries have become this clever.”
This is the crux of the problem for executives and business owners trying to handle security: cybercrime is diverse now and rapidly evolving. The only way to counter it is to have an equally agile defensive posture, and that seems like a daunting task for the average businessperson.
Multi-layered security
Criminals are constantly changing their methods to maintain the element of surprise. In one attack MailGuard intercepted the scammers used over 160 variations of their payload to stay ahead of antivirus updates.
Trying to counter the ever-evolving and complex threats with an in-house IT team is near-impossible. Cybersecurity requires highly specialised skill sets and tools to be effective. By the time your management team have decided they need to act on a threat, and the IT team have started to react, it will be too late.
I’m focussed on developing AI security tools. MailGuard is driven by an AI engine that’s not just protecting our users from existing threats, it’s constantly learning and predicting what tactics the opposition might use next. Because the one thing you can count on with cybercrime is this: tomorrow’s attack is going to be different from yesterday’s.
Act now to mitigate risk
EY advocate an “active defence” policy, and I heartily endorse that recommendation. It’s not enough to update your software and hope for the best. Every company needs to be proactive to minimise the possibility they will be breached.
- Conduct a thorough data audit to establish where your organisation's weak points are.
- Deploy a cloud-based, AI-powered cybersecurity solution that doesn’t require local updates to be effective.
- Educate your employees to recognise the most dangerous threats like phishing and social engineering.
Trying to mitigate a cyber-threat responsively is a losing gambit. Having a secure perimeter around your company’s data means thinking preventatively. If your management team need to have a meeting to decide how to handle an attack, then you’ve already lost the battle.
As EY wisely advises; “consider how quickly things can go wrong when a cyber attack happens. It’s better to mobilise to improve your defences now than after an attack, when your organisation will be in a state of shock and, most likely, chaos. So when information security is next on your board’s agenda, fully investigate the strength of your current capabilities and ask the question — are you ready to face a cyber attack..?”
Cybersecurity for business explained
If you would like to learn more about the complex cybersecurity challenges facing business today, please download the e-book Surviving the Rise of Cybercrime by MailGuard CEO Craig McDonald. This plain English handbook explains the most common threats and provides essential guidance on managing risk.
“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.” - Rob Sloan, Cybersecurity Research Director, Wall Street Journal.
Download your copy of Surviving the Rise of Cybercrime for free, here.
... ... ...
Hi, I’m Craig McDonald.
Follow me on social media to keep up with the latest developments in business cybersecurity; I'm active on LinkedIn and Twitter.
I’d really value your input and comments so please join the conversation.
