Proactivity is the key to effective cyber security
Plan for the worst and know what to do when an incident occurs, says Nadia Veeran-Patel, Manager: Cyber Resilience at ContinuitySA.
Given current threat levels, all organisations should assume they will experience some sort of cyber security incident sooner or later – probably sooner, adds Nadia Veeran-Patel, Manager: Cyber Resilience, ContinuitySA. “Plan for the worst and, most important of all, know what to do when an incident occurs. Understanding that a successful attack will be launched is the basis of a proactive approach to information security and risk management,” she advises.
“Our Cyber Resilience service examines critical information assets, plans for mitigation and remediation, and response-and-recover measures. In short, we make sure you have a plan, and know how to use it.”
The statistics say it all. The SiteLock 2019 Website Security Report indicates that, while hacks have become harder to detect, their number increased by 59% in 2018. The report makes it clear that small businesses are as much targets as larger corporates – virtually all businesses have Web sites nowadays, and 17.6 million Web sites have malware at any given time.
The numbers of people affected by site hacks are mind-boggling – just one example is that 147.9 million consumers were affected by the Equifax breach in 2017. Seventy percent of organisations say they believe their security risk increased significantly in 2017.
However, says Veeran-Patel, it’s critical to look at cyber security holistically. “After all, while plenty of attacks do indeed arrive via the Internet, they can also show up at the front desk with a USB drive, or peer over your shoulder in a busy coffee shop,” she notes. “Organisations need to conduct a proper risk assessment and then develop a roadmap matched to their cyber security strategy – you need to know where you are going and how to get there. It’s also important to get guidance on the tools necessary to address any gaps and minimise the risks identified.”
Once an attack has happened, it’s important to take the time to evaluate the short, medium and long-term impacts. These will vary, but one basic business resilience measure that will reduce the impact of threats is reliable, consistent and easily accessible backups. Partnering with a reputable business continuity partner will ensure backups are expertly maintained, and cloud hosting will ensure they are always available.
In summary, Veeran-Patel says the following best practices should be followed:
- Plan for the worst and ensure you identify your risks and mitigation strategies upfront.
- Make sure you have a reliable backup process in place, with a clear understanding of what your information assets are, how often they should be backed up and how quickly each one needs to be recovered. These decisions need to be made by the business in conjunction with the IT department, never just the latter.
- Identify owners of information assets across the business and ensure they are part of the risk management process.
- One final point is that cyber security is ultimately a function of corporate culture. Everybody in the organisation needs to understand the risks and the role they can play in making the organisation secure. For example, people working in public spaces are especially vulnerable, and visitors to the office can abstract vital information from unattended desks.
“Cyber security is everyone’s responsibility. Knowledge and awareness are probably the most important pillars of a successful defence strategy,” she concludes. “Regular security awareness training emphasises what the threats are, how they change (and updates on new methods) and the impacts threats can have. Interactive staff workshops have proven very successful; they promote sharing and management of expectations.”
ContinuitySA is Africa’s leading provider of business continuity management (BCM) and resilience services and has been helping the continent’s public and private organisations become more resilient for more than 30 years. Delivered by highly skilled experts, its fully managed services include ICT and cyber resilience, enterprise risk management, work area recovery and BCM advisory – all designed to enhance business resilience in an age of escalating threat. By helping clients understand their risk profile, and then develop an appropriate risk-mitigation strategy, including the ability to recover swiftly from a disaster, ContinuitySA provides peace of mind for all stakeholders.
ContinuitySA operates the continent’s biggest network of recovery centres, with more than 20 000 m² of space in Gauteng (Midrand and Randburg), the Western Cape (Tyger Valley) and KwaZulu-Natal (Mount Edgecombe), as well as in Botswana, Mozambique, Kenya and Mauritius.
ContinuitySA is a Gold Partner of the Business Continuity Institute (BCI) and was inducted into the prestigious BCI Hall of Fame in 2016. It is also a Gold Partner of Veeam, a leading global provider of software enabling Disaster Recovery as a Service and Backup as a Service.
ContinuitySA. Our business is keeping you in business.