The Gift That Keeps on Giving

By René-Sylvain Bédard

Ever wondered why your cybersecurity strategy is never done? Why it must always be maintained and requires constant focus? René-Sylvain Bédard, author of SECURE by Design, explains why.

Your corporation runs on data

In today’s information and AI age, no one can live without data. It allows us to communicate, to strategize our growth, and even to run day-to-day operations.

And the cybercriminals know this. That is why they created a business model that takes data, and the systems required to use it, hostage and asks for ransoms. The latest of these models include data exfiltration and extortion. Some go as far as shorting your stocks. So how can you, as an executive, bring this to an even fight? The answer: you must shine lights into the dark corners they hide in.

The liability: What’s at stake

Let’s be clear: this goes beyond the amount that will be required to recover your company. This is about reputation, customers’ trust and your employees’ (and your own) mental health. This will put stress on everything, at a level you have rarely had to manage, if ever.

An extinction event for your company.

Insurance might help you rebuild your house after a fire, but smoke detectors might help you save it or minimize the damage. Most importantly, they will give you the minutes you need to make it out alive.

Executive leadership required

In contrast to all my cybersecurity colleagues, I will tell you not to train your users. At least not until you, as their leader, have invested the time and effort to train yourself. Why? Because you are the alpha, the model, he/she who sets the path. Your vision is the way. Hence, if you do not put in effort and focus on cybersecurity, no one will.

Therefore, I highly recommend that you train yourself to understand cybersecurity, be curious and become informed of your posture, then enroll your management team, and once all of you are aware of the risks and are looking for answers, enroll your teams.

Percolation.

Let’s just make sure that you put a feedback loop in place. You want to know what is happening and what the feedback is from the floor, or else you risk being disconnected from reality.

The wolf at the door

First, let’s make things clear: cybercriminals will not likely target your company; they target every company. As a corporation, you have one of the things they want most: money.

And the worst part is that cybercriminals usually spend weeks, sometimes months, analyzing your company from within and strategizing on how to best bring you down. They will know how much money is in your bank account before making the ransom demands.

So, let’s act as if they were already in your systems. What then? What’s next?

Here’s a quick list:

  • List of contacts in case of emergency (printed), including insurance, lawyers, experts and customers
  • Your data: Backed up and ready to restore. Quick question: Are you sure that it is free of the malware that initiated this intrusion?
  • Do you have a place where you can regroup and establish a war room to coordinate all the required efforts? And no, your conference room might not be it if your systems are compromised.
  • Your construction blueprints: How was it built before it was attacked, so you can rebuild if necessary.
  • Make sure that you have sensors, especially on your most critical data and the systems required to use them.
  • A set-aside fund, because this emergency will be costly

It is my opinion that the cheapest cybersecurity event you can wish for is the one you can prevent.

Understanding this becomes critical when setting up your cyberdefenses. And don’t get me wrong, I am not saying that you should throw all your money into your cybersecurity plan, but by being aware of the risk, you can start planning to see how to best protect your company from cybercriminals.

Change is the name of the game

Both your company and the technology landscape are in constant, never-ending evolution. That is why your cybersecurity plan will never be finished.

Here are a few factors that you’ll need to review regularly:

  • Annual audits and intrusion tests, to ensure that your defenses will hold, but also to show where your risks are and how to address them.
  • People, Process and Technology:
    • New people coming into your company who will need to be instilled with your cybersecurity culture
    • New or altered processes that may open small breaches over time
    • A watch on trending technologies, to know how they will impact your cyberdefenses
  • And Ecosystem:
    • Because the partners in your ecosystem that connect to your data should also demonstrate that they are secure. If not, they may let the wolf in.
  • Cybersecurity recovery drill, because your executive team will need to know how to react
  • Risk ledger: what risks were uncovered and how you have chosen to remediate or accept them.

Visibility and reactivity as the game changer

In order to prevent cyberattacks, I strongly believe that you, as an executive, are accountable for visibility. You, of all people, must know what is happening. You cannot be blindsided. You have the power to set rules and to implement processes that will give you that insight into the dark corners of your company and will allow you to know what is happening.

With today’s technology, there are ways to integrate sensors and central alarm systems that will make life-or-death differences for your company. And trust me, you want to know before the event occurs. You want that option to block a user that has been infected before it establishes a nest within your company. This cannot be achieved without a proper cyberdefense plan in place and eyes on those sensors.

AI can help, but before you get to that level, the basics have to be covered.

The good news is that there are people, cyberdefenders, who are there to support you in your cybersecurity journey.

You are not alone.

About the Author

René-Sylvain Bédard is a technology veteran with over 30 years of experience in the field. He is an author, keynote speaker and the founder of Indominus Managed Security. His book SECURE by Design, A leader’s guide to keeping cybercriminals out of your business, is available on Amazon and in most bookstores.
