Do You Know
…the likelihood that your organization will face a cyber attack?
…the potential impact it would cause?
…how you would respond?
According to IBM’s Cost of a Data Breach Report 2022, the global average cost of a data breach has jumped to $4.35 million, a single-year increase of 10%, and the highest cost average total ever calculated by the report. This, coupled with the steady increase in cyberattacks, the number of days to contain a breach (277), and a percentage of small businesses that fold 6 months after a cyberattack (60%), make a strong case for reevaluating your organization’s cybersecurity readiness.
Asking these questions before an event can be the difference between spending years trying to recover, if it’s even possible, or avoiding the full brunt of the attack. The National Institute of Standards and Technology has created the NIST Framework V1.1 as a guideline for organizations to better manage their cyber security risk. The NIST Framework is based on five key components: Identify, Protect, Detect, Respond, and Recover. At My Resource Partners, our technology consultants add one more crucial component – Assess!
Identify
Inventory all equipment (laptops, smartphones, point of sales devices, software, and data). Next, you create and share the cybersecurity policy that covers the roles and responsibilities of all parties (vendors, employees, etc.) with access to sensitive data/systems, and the steps to protect them against an attack and limit the damage if one occurs.
Protect
Implement the company-wide training, software, hardware, procedures (backups, audits, updates, etc.), and maintenance required. This includes formal policies for safely disposing of electronic files and old devices.
Detect
Monitor for unauthorized access, investigate unusual activities, and check for unauthorized users, or connections.
Respond
Have a plan to notify customers, employees, and others whose data may be at risk as well as the appropriate authorities. Investigate and contain the attack while keeping business operations up and running. Update your Cybersecurity policy and plan with lessons learned. Also, keep in mind inadvertent events, like power outages, that may put data at risk.
Recover
Once you’ve stopped the attack the recovery process can begin – from repairing and restoring equipment and parts of the network that were affected to informing employees and customers of your response and recovery activities.
Assess
All the time! Regularly monitor and assess your hardware, infrastructure, policies, training, detection and response methods. When possible, engage outside resources like penetration testing to ensure your cyber security plan is still viable.
The Cybersecurity stories you hear on the news are only a small portion of what is actually happening around the world. Companies of all sizes must constantly evolve to protect their infrastructure and the privacy of their clients. It is invaluable to work with a Technology Consultant who has access to best-in-class providers for every aspect of Cybersecurity and who will continually educate you on the latest threats and innovations.