Cyber risk is beginning to equal or even eclipse some types of physical risk. But here’s the challenge: cyberattacks are ever-evolving. Just as we begin to understand how to combat one threat, an inventive thief learns another way into IT systems.
If an incident does occur, we’ve already covered the elements of a strong cyber incident response plan: preparation, ownership and testing; continuous monitoring; containment; remediation and eradication; and post-mortem review. While that’s an incredibly important process to design and understand, it’s, of course, better to avoid a breach or business interruption in the first place.
Any cybersecurity prevention plan is only effective if it’s viewed as a living, breathing document that demands continual updating. As Linda Betz, chief information security officer at Travelers, says, “There’s probably something else that will happen tomorrow we haven’t thought about. We have to be moving forward to stay competitive, unless we turn off all of our computers, which isn’t an option. So, companies need to be thinking about the future as they’re forming a cybersecurity plan.”
Why is such a proactive, evolving approach so important?
- As technology becomes second nature, individuals are increasingly willing to surrender their privacy, information, and trackability in return for convenience, free apps and content—and this isn’t behavior employees only engage in with their personal accounts.
- The rapid deployment of the internet of things (IoT) only adds to the complexity of the security risk we must all address. While you may be unfamiliar with the term IoT, it’s likely you’ve already been exposed to it. In short, the IoT refers to the network created between physical devices, vehicles (also referred to as “connected devices” and “smart devices”), buildings and other items. The resulting electronics, software, sensors, and network connectivity embedded within each of these devices freely collect and exchange data, which simply opens more and more possibilities for thieves. Formtek reports that by 2020, one out of every four enterprise attacks will originate from IoT.
- Cyber criminals look for weak links. This means companies must consider the risks in all aspects of their operations, and cybersecurity must be every employee’s responsibility, regardless of their role. However, the process must still be driven and owned overall by the IT department. Formtek notes that in the near future, one third of successful attacks will result from Shadow IT—which is when IT systems and programs, often deployed by a department other than IT, are used without explicit company review or approval (think of a travel app used on a corporate phone or laptop or a billing program installed by accounting).
Cyber criminals will be relentless and are growing increasingly sophisticated in their tactics. Any weak link—whether human or technology based—will be exploited. While it may seem like an impossible threat to avoid, know that John A. Wheeler from Gartner predicts that fully 99 percent of all vulnerabilities hitting businesses in the next five years will be ones that were publicly known about for more than one year. That means your best defense is action. Don’t sit back and wait. If you’re not already engaged, it’s time.