If You Want Cybersecurity, Prepare For Cybercrime
By Danny Pehar
As a cybersecurity professional, I have preached the importance of “prevention, detection and response” for years when it comes to cybersecurity strategy. Twenty years ago, the cybersecurity industry’s main focus was on prevention, which makes sense because as a business or individual, ideally, you want to prevent a cyber breach from happening in the first place.
But when organizations like the CIA get hacked, we realize prevention alone is not enough. If the most secure organization in the world can get cyber breached, then anyone can.
And once cyber breached, the losses to a business can be devasting — according to the National Cyber Security Alliance and reported by Inc., 60% of all small businesses that suffer cyber breaches go out of business within six months or less.
It’s reasons like this that the cybersecurity world has a very true, perhaps overused saying: It’s not a question of if but when. If you’re in the know, you know cybercrime is coming, and it can be devasting. You need to expect it, and you need to prepare for it.
Here are a few simple considerations for an ideal response to being cyber breached:
- Do you have cyber insurance? If you don’t, start a conversation with your business insurance provider to see if it’s right for you. If you do, find out what is covered, how much is covered and, most importantly, what isn’t covered.
- Do you know a law firm that specializes in breach coach services and whether or not those services are covered by your cyber insurance?
- What PR firm can you work with for assistance to protect your brand after a cyber breach?
- What organization you can work with for a digital forensics assessment?
In addition to those considerations, here are some cybersecurity questions to think about that will make your life easier when the seemingly unthinkable (yet highly probable) happens:
1. Who needs to be in the room to make decisions in the event of a breach, and where is that room?
2. What kind of sensitive data does your organization have access to? Where do you keep it, and who has access to that data?
3. Who will speak to employees, clients, suppliers and partners regarding the cyber breach?
4. In the event that the attack has temporarily disabled your electronics, do you have a backup communication plan?
Also, just as having a great breach strategy is key, practicing it is equally important.
I was working with one organization on a breach exercise, and we wanted to run a realistic scenario. We all agreed to come in on the weekend because of course breaches don’t just happen during convenient working hours. It was during this weekend exercise that we realized all of the washroom doors of the office building were locked over the weekend. This was commonly done by the custodial staff during off hours. It was only as a result of that exercise that we learned we needed to add the custodial team to the breach response document. In the event of a breach, we needed to know the contact information of the custodial team to unlock the washroom doors for after-hours use.
The probability of cybercrime committed against any business is high; the impact can be devasting, and the response is complicated. Every business, big or small, needs to have a cyber breach strategy, and it needs to practice it. If you want cybersecurity, you need to prepare for cybercrime.