A unified cybersecurity strategy is the key to protecting businesses
As a result of the changes that the pandemic has brought about in the business world, organizations have significantly increased their use of data and the Internet. This, in turn, has increased the prevalence of cyberattacks and cybersecurity risks.
Accounting firm PricewaterhouseCoopers recently released a report estimating that about 62% of Canadian organizations will be affected by ransomware incidents and attacks in 2021.
Because these risks have crucial implications for businesses and their investors and customers, spending on cybersecurity has increased significantly. Global spending on cybersecurity grew to more than $120 billion in 2017 from $3.5 billion in 2004.
The Center for Strategic and International Studies estimates that malicious cyber activity costs the world $945 billion a year, while Cybersecurity Ventures estimates that the global costs of cybercrime could rise to $10.5 trillion by 2025.
As a result, investors, customers, suppliers, and employees are calling for better management and protection of corporate data, along with better accountability and transparency in cybersecurity to mitigate the rise in cyber risks.
In an article to be published soon in the Management and Governance Magazine, we argue that better cybersecurity and data protection can be achieved through a formal program developed after a careful audit process. The objectives of this program are described below.
A shared responsibility
The responsibility for managing cybersecurity no longer lies solely on the shoulders of IT departments, but is now the responsibility of the entire business. We argue that all departments of the company should be involved in cybersecurity programming and planning.
Management and directors should be directly involved in best practices for mitigating cybersecurity risk. Company executives should lead by example by integrating security into their company’s operations and responding quickly to cyber threats as they arise.
Corporate board members should ensure that the necessary cybersecurity protections are in place for their businesses and that they approve and review the cybersecurity data protection and governance program periodically.
At a minimum, each board should have a cyber expert with proven and updated credentials on their panel. This will provide better protection for investors, customers, suppliers and employees of the company.
The audit is the first step
The first step in creating this program is to assess the current effectiveness of an organization’s cybersecurity risk and data management through a program such as the Canadian government’s Cybersecurity Audit Program or one of the U.S. government’s audit resources. These publicly available tools help auditors assess the cybersecurity of their organizations.
As part of the audit, companies should also hire third-party hackers to test the security of their systems through a penetration test. Hackers provide a unique insight into the audit process and are able to find loopholes that security professionals can overlook.
During a penetration test, hired white-hat or gray-hat hackers carry out an authorized cyberattack to try to find vulnerabilities in a company’s cybersecurity defenses. Once these vulnerabilities are detected, companies can strengthen their security to prevent them from being exploited.
This assessment would provide companies with a roadmap for creating a cybersecurity action plan to ensure the protection of sensitive information systems and the data and privacy of a company’s employees, investors and customers.
Creation of the program
A comprehensive cybersecurity and data protection plan should cover a wide range of areas, such as password creation and safeguarding, remote and restricted access, email encryption, social media, antivirus measures, contingency plans, responses to data breaches and training programs.
Crucially, it would also involve the creation of an emergency disaster recovery plan. Businesses need to be prepared for any type of disaster, including power outages and cyberattacks, and be able to act accordingly to recover lost data.
We also recommend that companies create a whistleblower policy, as 42 percent of occupational frauds are reported through tips and more than half of these tips come from employees. A good whistleblower policy will include a hotline for complaints and ensure the confidentiality and protection of all whistleblowers.
Ultimately, a high-quality cybersecurity and data protection program will help companies adjust their management protocols and be better prepared for future cybersecurity risks. The Internet is becoming an ever more integral part of business operations as the years go by. If companies want to keep abreast of new technological developments, they will need to make cybersecurity the focus of their organizations.