Cyber-attacks are a threat to businesses of all types and sizes, from giant enterprises to smaller SMEs.
A popular maxim is that there are two types of companies – those who have been breached, and those who have been breached but don’t know it. Cyber-attacks will happen regardless of what you do, or the security measures you have in place.
Simon Campbell-Young, CEO of Phoenix Distribution, says the best defence is to have strategies in place for dealing with cyber-attacks, so that the damage can be mitigated and limited should they happen.
“The first step is to have a breach disclosure plan in place. Today, there is no sweeping a breach under the rug. Highly stringent regulations now govern disclosure and privacy, particularly in highly-regulated industries such as financial services and healthcare, which handle the most sensitive customer data.”
He says the problem is that too often in the aftermath of an attack, or while it is happening, the ensuing panic and confusion see disclosure being delayed or, even worse, the rules not being followed. This is why it is vital to be prepared for this eventuality, and to have a solid plan in place to deal with it.
When putting this plan together, Campbell-Young says it is vital to understand the regulatory environment that is in place in your country and industry. “Rules will differ for private and publicly traded businesses, and will differ slightly depending on the industry.”
Secondly, he advises making sure your public relations and marketing teams are on board, as they have the relationships with your internal and external stakeholders, and with the media in particular. They will be able to formulate a crisis management strategy to control your messaging around a disaster of this nature. “In a breach situation, timing is everything, and your communications team will know how to control your disclosure, what to say, and when.”
Another important factor, he says, is understanding what information you have, and what would be a likely target for cybercriminals.
“Cybercrime is rife. It is pervasive and cybercriminals are continually honing their skills to make their work easier. It will happen to you sooner or later. Your business needs to know where it will occur and what it will be after. Understand what information you have that would be of value to cyber crooks – customer data, credit card numbers, intellectual property – know what the target could be, and focus most of your security efforts on that data.”
Campbell-Young says the bottom line is that cyber-attacks are expensive and damaging.
“Not only in terms of what is stolen, but in downtime for the business, loss of trust with your customers, and expenses related to mitigating and defending against them. Moreover, there are no silver bullet solutions. While it is vital to have security measures in place, do not spend all of the security budget on preventative measures. Breaches will happen; ensure that you have planned for the inevitable.”