The country was recently rocked when three major enterprises encountered cyber “glitches” that were serious enough to take them offline, leading to speculation that perhaps there was something more sinister at play. While contemplating the situation in real time, many enterprises undoubtedly engaged in a quick self-assessment of their own cyber security defenses and readiness and heaved a sigh of relief when the disruptions were reported to be resolved, unrelated, and not caused by malicious outsiders.
But what if it had been different? How well would your company fare in the face of an attempted or successful cyber attack?
Yesterday’s events should serve as a wake-up call for all enterprises to shore up their defenses and formulate their game plan in the event of a cyber security incident.
Here are four of the key factors to consider:
1. Have you conducted a risk-based security assessment? The assessment, among other things, should determine if you’ve already been hacked, test your perimeter, and scan for internal and external vulnerabilities.
2. Have you established and implemented effective employee training and awareness policies and programs? Studies repeatedly show that employees are at the heart of most security incidents. Employees should be educated about the crucial role they play in securing enterprise data, and they should be trained to recognize and avoid security threats.
3. Have you assembled an incident response team? No entity should put itself in the position of wondering what to do and who to call when it suffers a cyber security incident. Entities should build their incident response team and practice their response to various security incident scenarios before an incident ever happens. Companies that do this are in a better position to respond when an event occurs, thereby minimizing the financial, legal, and reputational fallout of a cyber security incident.
4. Have you purchased insurance to cover cyber incidents? Enterprises routinely purchase insurance to transfer the risk of potential liabilities they might encounter in the course of their business operations. Cyber liabilities should be treated the same way. Cyber insurance can provide much-needed financial and tactical support in the event of a cyber incident.
Takeaway message: Thoughtful focus on these four steps can help companies protect against and mitigate the effects of a cyber security incident. As recent events have demonstrated, the risks are real and show no signs of abating.