The Three Elements of Cybersecurity
April 20, 2020 | 3 min read
BlueVoyant
The average cost of a data breach is now $3.92 million. On average, a breach takes 206 days to identify and 73 days to contain, according to IBM's 2019 Cost of a Data Breach Report. While these numbers may already seem high, they are global figures, and experts cited in the report explained that US companies are experiencing even higher costs.
There’s really no point in debating it… Cybersecurity is expensive, but any effective cybersecurity initiative that costs at least a dollar less than the average breach is cheaper than the alternative if you experience a breach, not to mention all of the extra legal, reputational, and loyalty costs that you’ll incur over time.
To protect yourself against cyber crime, you will need to work on these three elements of your business.
People
Your technology and policies are only as good as the people managing them. There are two types of employee preparation you should consider:
- Employee Basic Training: This training should include every employee and cover basic cyber hygiene: how to browse the web at work (and at home if you’re using a company device); how to use company email, reviewing do’s and don’ts; how to engage on social networking (not just representing the company, but how to avoid elicitation from threat actors); and how to work in the cloud safely and securely.
- IT Continuing Education: This training should be specific to your IT staff and should cover different levels of information depending on which tier of the help desk hierarchy they fall into. The training should include how to recognize intrusions and the reporting structure for a breach. It should cover the latest and most relevant industry security threats. Members of the team should know what is and what isn’t within their capabilities, identifying which alerts and events require expert intervention. This is the best way to stay ahead of new malware and phishing threats.
- Expertise and Experience: It is just as important that the people managing your technology have the experience and expertise necessary to take full advantage of its capabilities. Without deep operational knowledge of the best-of-breed technologies, you will not gain the full benefits of your investment. Working with a Managed Security Services Provider can help meet the challenges of finding and retaining top talent.
Process
Your cyber security policy should not be so complex that it’s difficult for employees to understand or comply with; however, it must be comprehensive enough to secure your business. Your policy must take into consideration industry best practices, regulatory compliance, privacy concerns, and any potential legal liability a breach could expose your business to. The Federal Communications Commission Cyber Security Planning Guide outlines the specific things that you should include. The NIST and MITRE ATT&CK frameworks are also available to guide you in creating solid policies and processes to better secure your business.
Technology
The technology and tactics that bad actors use are constantly increasing in sophistication. Tools to thwart them are also evolving, but not at the same pace - that’s why it’s crucial to stay as up to date as you can so you can stand a fighting chance. It makes sense to get the best hardware and software solutions you can afford - and keep them current with the latest updates and patches as they become available. When prominent companies push upgrades, the release alerts cybercriminals to the security flaws being fixed. Seizing the opportunity to profit from those who are slow to update, they immediately test those flaws and capture immediate revenue. This CSO Online article, Security software reviews, 2019: Lab tests of today's top tools, outlines their top 22 picks from 2019.
If you can't afford the best, consider a Managed Security Services Provider - they often have tools that are beyond what most small and medium businesses can budget. A Managed Security Services Provider can give you access to tools and deeper expertise while potentially saving you money before a breach.
About BlueVoyant
A data breach could cost you your business - or millions of dollars and the loss of your reputation.
BlueVoyant provides advanced cyber threat intelligence, managed security services, and proactive professional services offering small and medium enterprises the same kind of software and level of services that large enterprises enjoy.