Getting Smart on Cybersecurity
Hardly a week goes by without news of another sophisticated cyberattack affecting businesses and individuals worldwide. Learn about current threats, how to avoid potential losses from an attack and how organizations are working with law enforcement to combat this growing menace.
Cyberattacks on organizations of all sizes have proliferated over the past three decades, evolving into a billion-dollar criminal enterprise with sophisticated techniques and abundant resources.
Given the prodigious nature of this threat landscape, it’s not surprising that cybersecurity jobs are in high demand, with millions of open positions projected over the next couple of years. Aside from investing in personnel, organizations can help lower the risk—or lessen the damage—of a cyberattack by staying up to date on current threats, training employees, evaluating prevention and detection methods, and building relationships with law enforcement and industry groups.
Balancing Prevention, Detection and Recovery
Although it is vital for many business functions, the internet can also be a dangerous place. It's therefore critical to weigh and account for prevention, detection and recovery methods. Prevention is often aligned to information security frameworks, ideally based on countering the most prevalent threats of the day. Detection, on the other hand, helps minimize the impact of an attack after a network or system has been breached. Finally, recovery deals with the aftermath of an attack, including restoring affected systems and getting operations back up and running quickly.
Establishing a Cyber Resiliency Plan
Just as companies have resiliency plans for critical business infrastructure, it’s important to have one for data and technology to protect against threats. For example, one of the most common cyberattacks is ransomware, a type of malware that blocks access to data until an individual or organization pays a sum of money. Unfortunately, paying the ransom is no guarantee that the data will be unlocked or returned, so it’s best to have a plan for dealing with an attack before it occurs. Here are a few considerations to keep in mind:
- Ensure your company’s data is backed up so you can restore your systems if they’re locked or deleted.
- Have a plan in place that includes how long your business could survive an extended outage.
- If your company doesn’t have backups, it’s possible an external information technology (IT) forensics team can help recover and restore lost data after an attack.
Partners in Crime Prevention
Cybersecurity has become a team sport. Building relationships with law enforcement and getting involved with trade organizations can help boost the security of your business. Participating in an information sharing and analysis center (ISAC) is a great way to share threat information within a certain industry or sector and respond to attacks collectively.
What Are ISACs?
Originally founded in the late 1990s, ISACs are collaborative private-public partnerships that gather and facilitate the exchange of information on cybersecurity threats and best practices. JPMorgan Chase is part of the Financial Services Information Sharing and Analysis Center (FS-ISAC), an industry consortium dedicated to reducing cyber risk in the global financial system.
How Companies of All Sizes Can Protect Themselves
Although small and midsized organizations often have fewer cybersecurity resources than larger corporations, they can still be proactive against potential threats by building or expanding their IT programs.
- Assign someone to develop cybersecurity controls and manage IT risk. IT security frameworks can help the person or team delegated to managing risk build the necessary cybersecurity policies and procedures.
- Implement your framework so it can defend against the most prevalent attacks. Smaller companies may actually stay more secure by storing data on a public cloud rather than on their own servers.