Last year was filled with intrigues of the presidential election between Donald Trump and Hilary Clinton. It took the major headlines. On the other hand, another issue grabbed a lot headlines too. That was Cyber Security
Cyber security, or “the cyber” as our president-elect has referred to it, is the effort to protect electronic devices and the infrastructure that supports them, from a host of physical and computerized threats.
With the continued growth of global e-commerce and electronically available consumer data, many businesses have become targets for cyber security attacks. Consider, for example, just a few of the companies who’ve acknowledged data breaches this year:
So, what does all of this mean for businesses? Well, for one thing, more government regulation likely awaits. In September, for instance, the New York State Department of Financial Services proposed sweeping new cyber security rules.
And yet, regulations alone won’t protect businesses or their customers from cyber attacks. Therefore, as cyber attacks become more widespread, businesses should take action to protect themselves and their customers by considering three questions:
1. What are your assets?
Every business has assets. For many, it’s their brand. For some, it’s the “secret sauce” for the product or service they sell. For others, it’s their customer data. For certain businesses, it’s all three of these things.
Either way, as a starting point, all businesses should itemize their most prized possessions. What are the crown jewels of the company? What does the business value the most? Take some time to consider these questions. Then, as a next step, determine the level of protections that you want to manage. For instance, if your business has $50,000 in assets, you may not want to spend $500,000 to protect them. Figure out a right-size approach that works best for your company’s needs and budget.
2. What are your threats?
As with assets, all businesses face threats. And the threats, not surprisingly, vary depending on the business.
Most businesses face the threat of competitors. But some, like banks or retailers, also face threats from cyber criminals who want to steal their money. Others, such as tech companies, face threats from competitors that seek to steal their intellectual property.
The bullets below summarize the multiple threat categories that exist.
- Nation-states (e.g., China, Russia, and other countries that facilitate cyber attacks to procure data)
- Cyber criminals (e.g., organized crime syndicates that use cyber theft to make money)
- Hacktivists (e.g., people with a bone to pick that use hacking to make a statement)<%2hacking to make a statement)
- Casual Hackers/Lone wolves (e.g., people who hack out of curiosity, but sometimes help cyber criminals)
- Inside threats (e.g., disgruntled employees seeking to steal money and/or make a statement)
Given the different threat categories, it can be difficult to figure out which threats might apply to your business. So businesses of all sizes should consider contacting cyber security vendors for help with threat identification. Additionally, businesses may use the NIST cyber threat self-assessment guide.
3. What are your weaknesses?
When threats have been identified and probably handled, identifying weaknesses and vulnerabilities becomes the next rational thing to do. This involving discovering how the threats identified above can affect your business. For instance, can cyber criminals hack into your data base to steal the credit card of your customers stored electronically? Is it remotely possible that a competitor can use your company website to get sensitive and confidential information? The answers to these questions and likely questions will enable identify weaknesses and vulnerabilities. On the other hand, it is still best for companies to consult experts on cyber security to access these vulnerabilities.
In conclusion, one should know that not all cyber security loopholes are cyber in nature. Other physical controls such as security gates in buildings and the ID badges worn by employees can provide very essential defense against cyber threats. Therefore, corporations and enterprises and businesses should consult cyber security consultants to recommend computerized and physical defense solutions.