Think You Haven't Been Hacked? You're Wrong
- Keywords:
- cybersecurity
- operations
- manage risk
This is the first part in a two-part series about helping you protect your company against cyber-threats. In this article we'll explore the basic cybersecurity principles you should know to combat the increasing threats to your company.
Companies have a greater risk of experiencing a cyber incident than ever before. Cyber criminals aren’t just looking at large corporations; companies of all sizes have information that can be valuable to a hacker. The key to stopping them is to change your thinking. Throw away the "not me" or "not yet" mindsets and instead adopt the realization that your systems have already been compromised.
A comprehensive cybersecurity program begins with understanding basic cybersecurity best practices and potential vulnerabilities. Consider the following:
- Get everyone on board. Cybersecurity isn't just the CEO or CIO's responsibility. The board, executives, employees and partners should be versed on cybersecurity policies and procedures and be accountable for protecting the company's assets.
- Identify what assets require the most protection. This is the digital equivalent of fortifying the Crown Jewels inside the Tower of London. Once you identify the company's most valuable assets, be it customer information, intellectual property or something else, you can begin to take steps to secure it.
- Perform a risk assessment to understand vulnerabilities and impacts. By performing a risk assessment, or having a third-party conduct one, you can better understand your company's specific risk exposure and potential impacts from that exposure. A risk assessment also helps determine vulnerable entry points, identify protective measures, allocate resources and develop policies to manage cyber risks.
- Realize that risks can be internal and might not always be malicious. Evil-intentioned hackers aren't the only threats to your company. Your own employees can unknowingly compromise your systems by emailing a work document to their personal email address or politely holding a secure door open for someone they assume is an employee.
- View cybersecurity as a comprehensive ecosystem. Threats aren’t limited to your company's own system. Your system could be interconnected with suppliers, vendors and clients, and an attack on one system can compromise the others. Consider that the hackers who breached Target's system to acquire data on millions of customers gained access through the company's HVAC contractor.
- Conduct tabletop exercises. You should routinely conduct tabletop exercises, a facilitator-led simulation, to test your incident response plan against real world scenarios. By understanding how your team and your approach hold up during a simulated breach, you can hone your plan to be better prepared when a real threat or breach occurs.
Knowing the basics principles of cybersecurity is the first step in protecting your company against the increasing threat of cyber attacks.
Read more
Aman Raheja
BMO U.S. Chief Information Security Officer
This is the first part in a two-part series about helping you protect your company against cyber-threats. In this article we'll explore the basic cybersecurity principles you should know to combat the increasing threats to your company.
Companies have a greater risk of experiencing a cyber incident than ever before. Cyber criminals aren’t just looking at large corporations; companies of all sizes have information that can be valuable to a hacker. The key to stopping them is to change your thinking. Throw away the "not me" or "not yet" mindsets and instead adopt the realization that your systems have already been compromised.
A comprehensive cybersecurity program begins with understanding basic cybersecurity best practices and potential vulnerabilities. Consider the following:
- Get everyone on board. Cybersecurity isn't just the CEO or CIO's responsibility. The board, executives, employees and partners should be versed on cybersecurity policies and procedures and be accountable for protecting the company's assets.
- Identify what assets require the most protection. This is the digital equivalent of fortifying the Crown Jewels inside the Tower of London. Once you identify the company's most valuable assets, be it customer information, intellectual property or something else, you can begin to take steps to secure it.
- Perform a risk assessment to understand vulnerabilities and impacts. By performing a risk assessment, or having a third-party conduct one, you can better understand your company's specific risk exposure and potential impacts from that exposure. A risk assessment also helps determine vulnerable entry points, identify protective measures, allocate resources and develop policies to manage cyber risks.
- Realize that risks can be internal and might not always be malicious. Evil-intentioned hackers aren't the only threats to your company. Your own employees can unknowingly compromise your systems by emailing a work document to their personal email address or politely holding a secure door open for someone they assume is an employee.
- View cybersecurity as a comprehensive ecosystem. Threats aren’t limited to your company's own system. Your system could be interconnected with suppliers, vendors and clients, and an attack on one system can compromise the others. Consider that the hackers who breached Target's system to acquire data on millions of customers gained access through the company's HVAC contractor.
- Conduct tabletop exercises. You should routinely conduct tabletop exercises, a facilitator-led simulation, to test your incident response plan against real world scenarios. By understanding how your team and your approach hold up during a simulated breach, you can hone your plan to be better prepared when a real threat or breach occurs.
Knowing the basics principles of cybersecurity is the first step in protecting your company against the increasing threat of cyber attacks.
This is part 1
of a
2-part series on
This article discusses some cybersecurity best practices and potential vulnerabilities that businesses should consider to combat threats.
PART 2
How to Create a Comprehensive Cybersecurity Plan
Aman Raheja | July 16, 2018 Business Strategy
Cybercriminals are actively trying to breach your defenses and steal your most valuable data. The best defense against cybercriminals is to have a pl…
Tell us three simple things to
customize your experience
