Are You Taking The Cyber Security Threat Seriously?

The threat of cyber-attacks has been talked about with increasing frequency in the media over the past few years, and recent incidents have brought to light how real this threat is. In May 2017, the WannaCry ransomware attack disrupted computer systems around the globe, and a similar style attack was announced at the end of June, impacting sites such as the Chernobyl nuclear power plant.

Despite the fact that these attacks were over a month apart, many companies still seem to have been caught off guard, suggesting that they failed to take necessary precautions.

This is indicative of a problem within cyber security circles. Even when the threat is well known, people often don’t think that it will happen to them, and put off making the strategic decisions about how best to protect their systems.

Is Cyber Security just a “nice to have”?

Although companies are increasingly aware of the risks they are exposed to, when it comes to justifying investment in security, it can be very difficult to get the business case through. Investment prioritisation exercises tend to favour revenue generating initiatives, without fully appreciating that a cyber threat could cripple the business entirely.

One method to help raise the profile and importance of cyber security is to look at the types of attacks that could occur and consider the impact each will have on your business.

For example:

• You are hit by a ransomware attack that downs your systems and prevents you trading. What is the cost to your business if you can’t trade for even one day? How many days could you survive without trading while you tried to fix the problem?
• Your customer data is stolen by hackers. Could your brand survive the reputation damage and legal fines for not properly securing customer data? How long would it take you to regain customers trust?

The Likelihood of a Cyber Attack

Calculating the likelihood of a cyber security threat occurring is difficult, but understanding the devastating effect they can have on your business helps to justify the comparatively small investment you would need to make in cyber security to help prevent them occurring.
Going a step further and looking at the exposure of each of your individual systems will enable you to decide which risks you want to mitigate, and which you are happy to live with.

If you don’t have the expertise in house to carry out this analysis, it is worth getting a security audit from an external provider. An independent review of your systems could also help to support your business case for investment in cyber security initiatives.

Create a response plan in advance

Whatever level of cyber security you decide to opt for, it is worth crafting a response plan should the worst occur.

Many companies have been praised for how swiftly they shut off corporate email in the wake of the WannaCry attack to stop the virus spreading. If you know what steps to take in advance and act quickly, it can make a huge difference to the outcome of the attack.