It’s every business leader’s job to plan for resiliency against the many threats their business could face – threats across supply chain, competitors, force majeure, and technology. Technology can often be an area that’s overlooked, particularly for companies that don’t see themselves as technical.
But as Scott Howitt, CIO of McAfee, aptly states, “Technology is the way business gets done now.” Even if you don’t have a technology company or a technical company, your company is enabled by technology.
Given technology’s criticality to every successful business, leadership must understand and plan for cyber resiliency. We hear a lot about cyber attacks and cyber security, but what does it mean to be cyber resilient?
Cyber attacks will happen. It’s not a question of if but of when. No company is entirely bulletproof. It only takes one employee who doesn’t spot a phishing email to click on a link and open your organization up to an attack.
That’s where cyber security comes in. Cyber security is all about putting the right systems in place to secure your technology environment and thwart attacks, implementing detection software to notice when something’s wrong, and having processes and people in place to quickly work through problems when they arise.
Cyber resiliency is all about ensuring the least cost to your business when there’s a problem. This needs to be part of a business’s risk assessment and continuity planning, right alongside plans for currency risks, supply chain risks, or competitor risks. How could these risks affect the revenue flows of your business? From that analysis, determine a resiliency plan. What happens when a cyber attack hits? How do you detect it and contain it with as little impact as possible?
Let’s dig into that concept of containment. Containment is critical. If, as a business leader or a technical advisor, you’re planning on locking down systems so that a breach never happens, you aren’t living in the real world. Technology changes, cyber criminals adapt, and human error cannot be completely eliminated. Again, it’s not a matter of if, it’s a matter of when a cyber attack will happen. A plan on how to contain a threat is critical to an organization’s continued success.
Where do you start?
Start with a risk assessment. Begin by looking at your revenue streams and all the elements within your operation that support or affect those revenue streams. One by one, dig into those elements and determine the technologies in place that are involved.
Conduct a technical security audit. Your risk assessment created a technology punch list, which is the starting point for your security audit. Each system, third-party software, database, etc., now needs to be part of a security audit. A technical expert with CTO, CIO, or CISO experience should lead the audit, both to understand the technical detail and to connect those details to business needs. The result of this audit will demonstrate the cyber-health of your organization.
Establish a remediation plan. The security audit will outline what’s working well and what needs improvement – and the urgency of those improvements. From that, the expert who led the audit will prepare a remediation plan outlining how to strengthen your technology environment and the timeline to make it happen.
With these steps in place, cyber resiliency becomes a salient part of your business plan, and your business will be stronger for it.
If you would like help with a risk assessment and security audit, please let us know. Uprise is one of the top 100 security firms in North America, and we are ready to help.