A new survey conducted by Microsoft and Marsh found that two-thirds of 1,300 senior executives polled said cybersecurity was a top five risk management priority for their company. But while companies fear the impact of a cyberattack, only 30 percent have a plan to respond to one.
Businesses of all sizes can start on a cyberattack response and prevention plan by identifying vulnerabilities. IT and security departments should run regular tests to identify weaknesses and strengthen the security program.
Once you know how the organization will respond to an attack on the individual level, start fixing holes. Continual testing and retraining will keep users on their toes.
Take stock of company hardware devices and critical applications and rank them based on value to the organization. This will help you determine where security efforts should be a greater focus.
Look at the structuring and segmenting of your company’s networks as well. Instead of only building a perimeter of defenses, layer them through the network. Otherwise, you’ll have a “hard candy shell, soft center lollipop” defense.
When a breach happens, the first steps any company should take are basic: notify the legal team to determine legal risks and fallout, and be transparent. Once you know what information should be made public, immediately inform shareholders, employees and customers. Also contact an outside security team that can work with your internal departments to determine what went wrong and build better defenses.
It is better to spend money on cyber defense upfront than to try to clean up and rebuild your reputation after a breach.