There are limitless cyber risks facing your organisation:
- Technology failures due to ransomware
- Natural disasters
- Silent cyber attackers (like espionage)
- Disgruntled employees
- Careless contractors, and so on
Not to mention all the other risks your business faces on a daily basis:
- Brand reputation
- Lead generation
- Accounts receivable
- Fulfillment, etc.
In our experience, when faced with the enormity of these risks, most people settle into a nice game of “whack-a-mole,” which they play every day.
A Very Satisfying Way to Go
With this approach, you get to play plenty.
Yep, just concentrate on whichever issue is in front of you at the moment, and react whenever an incident happens.
But, that’s an expensive and reactionary strategy that leaves you susceptible to larger, less frequent events.
For example, have you recently tested the ability of your data backup solution to actually restore data? Nobody is going to ask you to do that, but you may be surprised at how often backups fail when you really need them. Just ask Hollywood Presbyterian Medical Center, or any other organization that paid a ransom instead of restoring from backup.
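The restore test the paragraph above asks about can be scripted so it runs on a schedule instead of waiting for an incident. The following is an added example (not code from the original post or from any product it mentions): it backs up a constructed sample data set into a tarball, restores the archive into a scratch directory, and compares SHA-256 digests of every restored file against a manifest taken at backup time. A second run deliberately truncates the archive, the way an interrupted copy or a full disk would, to show that the drill reports a failed restore rather than a green light. The sample files, paths and the truncation step are all assumptions made for the demonstration.

```python
"""Backup restore drill: back up, restore into a scratch directory, compare hashes.

Sample data is constructed inline so the script runs offline; a real job
would point `SAMPLE_FILES` / `source` at production paths instead.
"""
import hashlib
import tarfile
import tempfile
from pathlib import Path

# Constructed sample "production" data (assumption for the demo).
SAMPLE_FILES = {
    "db/customers.csv": "\n".join(f"{i},customer-{i},active" for i in range(500)),
    "db/invoices.csv": "\n".join(f"{i},{(i * 17) % 1000}.00" for i in range(500)),
    "config/app.ini": "[app]\nmode=production\n",
}


def sha256_tree(root: Path) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digests[path.relative_to(root).as_posix()] = hashlib.sha256(
                path.read_bytes()
            ).hexdigest()
    return digests


def make_backup(source: Path, archive: Path) -> dict:
    """Write a gzip tarball of source and return the manifest recorded at backup time."""
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return sha256_tree(source)


def verify_restore(archive: Path, manifest: dict):
    """Restore the archive into a scratch directory and check it against the manifest.

    Returns (ok, problems). Any exception during extraction is itself a failed
    restore, which is exactly what the drill exists to catch.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        restore_root = Path(scratch)
        try:
            with tarfile.open(archive, "r:gz") as tar:
                try:
                    # Refuse absolute paths, "..", links escaping the tree, etc.
                    tar.extractall(restore_root, filter="data")
                except TypeError:  # Python < 3.11.4: no extraction filter argument
                    tar.extractall(restore_root)
        except Exception as exc:  # truncated gzip, bad header, I/O error ...
            return False, [f"restore failed: {exc!r}"]
        restored = sha256_tree(restore_root)

    for rel, digest in manifest.items():
        if rel not in restored:
            problems.append(f"missing after restore: {rel}")
        elif restored[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    return not problems, problems


def run_drill(corrupt: bool = False):
    """Create sample data, back it up, optionally damage the archive, then verify a restore."""
    with tempfile.TemporaryDirectory() as work:
        work = Path(work)
        source = work / "prod"
        for rel, text in SAMPLE_FILES.items():
            path = source / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(text)

        archive = work / "backup.tar.gz"
        manifest = make_backup(source, archive)

        if corrupt:
            # Simulate a backup file cut short by an interrupted copy or a full disk.
            data = archive.read_bytes()
            archive.write_bytes(data[: len(data) // 2])

        return verify_restore(archive, manifest)


if __name__ == "__main__":
    for label, corrupt in (("intact archive", False), ("truncated archive", True)):
        ok, problems = run_drill(corrupt)
        print(f"{label}: {'RESTORE OK' if ok else 'RESTORE FAILED'}", problems)
```

Run it unattended and treat any "RESTORE FAILED" as an incident in its own right; the point of the drill is that the manifest is taken from the live data at backup time, so a backup job that silently skips or corrupts a file is caught by a hash mismatch even when the archive opens cleanly.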
Another Easy Path
Another common approach is to focus on being compliant with whatever regime is hovering over you:
- PCI-DSS
- HIPAA
- GDPR
Compliance Does Not Equal Cybersecurity!
Here’s a good example: the huge retailer Target was PCI compliant, but still got hacked in 2013 and lost control of seventy million credit and debit cards.
Target said the total cost of the data breach was $202 million as of May 2017.
Even when compliance is effective, you still won’t have covered all of your cyber risks. What about your intellectual property? Or your employees’ personally identifiable information? For each potential issue addressed by compliance, there are many others lurking just outside the regulatory boundaries.
OK, What Should I Do?
You already know what we are about to say next:
Neither “whack-a-mole” nor “compliance first” is the best way to put your limited budget up against your unlimited cyber risks.
The question to ask yourself is “Where can I buy the most cyber risk management benefit for the next dollar we spend?”
To answer that question, you need to prioritize your spending. Which means doing the homework to understand your top risks, in order.
The NIST Cybersecurity Framework
We suggest measuring yourself against the NIST Cybersecurity Framework. It’s a “consensus standard” that was created by actual cyber security practitioners from the private sector.
The framework is focused on preventing data breaches and increasing cyber resilience across your entire organization. And, it can scale down or up depending on organizational size.