The World Economic Forum has once again placed cybersecurity near the top of its latest list of global risks. With the growth of ransomware as a service and the rise in nation-state attacks, most have come to understand it is only a matter of time until their organization or agency is under siege.
If information is power, it would seem a global standard of reporting for cyberattacks that focuses on calculating, measuring and communicating cyber risk would go a long way in shifting the balance of power away from cybercriminals – helping organizations of all sizes better mitigate risk. A recent article in Harvard Business Review sets forth a case for why we need this, and what it might look like.
Of course, like any large-scale initiative that includes such diverse interests and stakeholders, the key to success would be broad buy-in and participation – from organizations, governments and reporting bodies. And the hope would be that, by the time we got there, the cybercriminals had not already found a way to beat the new system.
The US Government estimates that 4,000 cyber-attacks occur every day. How can you build confidence around your security posture, controls and abilities to detect threats and respond to incidents? Until there is a global consortium and open information sharing, what is a security leader to do?
- Get a handle on how you measure up today. A vulnerability assessment and security control validation exercise can provide a realistic view of where your systems are current (patched, properly configured) and how your network defends against a simulated attack (are your controls doing what you believe they should?).
- Do it on a continuous basis: The cyber-threat landscape is constantly evolving, as are regulatory requirements. Cyber-preparedness has to be reviewed and adjusted regularly; it is not a once-and-done event.
- Use your findings as a road map to help guide your focus and investments with a priority on closing gaps and fortifying weaknesses. Be sure you are implementing a layered, defense-in-depth posture.
- Inspect your DR/BCP to ensure you can quickly restore data and resume operations in the event of compromise. Keep abreast of new technologies and solutions that can dramatically lower restore times as well as cost.
Given unlimited time and resources, you could certainly do all these things yourself. But you don’t have to. DataEndure is here to help.