3 Ways to Improve Your Cyber Security Plan
Cyber attacks cost organizations millions of dollars per incident and often results in system downtime. The average cost of system downtime per cyber attack is as much as $1.25 million, according to Cybersecurity Ventures. System downtime can be costly due to lost sales, frustrated clients, and unfulfilled requests that lead to a significant backlog. Some clients also have long memories that lead to negative word of mouth and a future drop in sales. Despite the real threat of cyber attacks, Cybersecurity Ventures reports that only 28% of firms involved in installing network-dependent technology regard security strategy as highly important. Although completely preventing cyber attacks is often regarded as unrealistic, assessing threats, establishing key performance indicators, and mitigating human factors can help technology leaders improve their security strategies.
A proper threat assessment does not involve a single activity or happen once. Threat assessment is an ongoing strategic activity involving research, analysis, simulations, and follow-up. Starting with a series of questions is critical during the start of the research phase, as it helps security teams and technology leaders develop a profile of potential threats to the organization. Some of the questions to ask during this phase include:
- Who is most likely to launch an attack against the organization and its resources?
- Why is the individual or group of individuals motivated to launch an attack?
- What data or information is valuable to the potential attacker(s)?
- How are the potential attacker(s) likely to try to gain unauthorized access to the organization’s systems and data?
- How has the potential attacker(s) breached other organizations?
Once security teams and leaders determine the answers to these questions, an analysis of the firm’s IT systems and infrastructure can occur. Finding vulnerabilities and ways to detect intrusions and other types of cyberattacks is as much about thinking like the potential attacker(s) as it is about discovering ways to stay a few steps ahead. This means setting up preventative measures and also conducting exercises to try to get around those preventative measures. By trying to accomplish a mock cyberattack, internal security teams can better identify previously unseen vulnerabilities in the organization’s infrastructure, processes, and security strategy. Follow-up activities involve analyzing system logs to determine if past indications of common or known attack methods exist.
Key Performance Indicators
Assessing vulnerabilities and developing a profile of high probability threats is important, but even the most sound threat assessment will be ineffective if performance measurements are not established. A sound cybersecurity plan contains ways to measure whether the organization’s strategy is working and identify areas for continued improvement. Common key performance indicators include:
- Average detection time
- Average time to mitigate detected threats
- Number of identified vulnerabilities
- Ability to control and prevent threats
- Ability to meet and comply with the plan’s objectives
- Whether key objectives or milestones were accomplished
Securing an organization’s systems and IT infrastructure against external threats is only part of a thorough cybersecurity strategy. Planning for the internal threats related to human error and inappropriate system access is even more crucial. Employees and vendors that have access to an organization’s systems should be subjected to security policies, including controlled access, account-level privileges, several layers of authentication, and awareness of social engineering and phishing techniques.
Education that includes security policies and training related to scenarios depicting potential threats is the cornerstone of a sound mitigation plan. Employees who understand what phishing attempts look like will be less likely to click on suspicious email links and less likely to download files that contain malware. Good communication, interactive training sessions, tests that simulate phishing and social engineering attempts, raising awareness about best practices, and implementing metrics can go a long way towards mitigating vulnerabilities related to human error. Implementing access policies that only give employees the system access they need to effectively perform their jobs is a secondary factor involved in mitigating internal threats.
The possibility of an organization becoming a target of a cyber attack is high if not a guarantee. Technology leaders and IT security teams cannot afford to not take cybersecurity strategy seriously. Conducting constant threat assessments, developing and refining key performance indicators, and finding effective ways to stress the importance of security protocols to employees and vendors are three foundations of a sound cybersecurity plan. Preventing cyber attacks from becoming serious incidents is important to an organization’s sustainability but learning how to make improvements based on existing vulnerabilities is even more critical to continued success.