Why every business needs a cybersecurity plan
Nine percent of Canadian IT security professionals don’t believe their organizations will fall victim to a cyberattack, despite a rash of high-profile incidents in recent years. That was one of the findings of security firm Trustwave 2017 Security Pressures Report.
Smaller businesses often feel they’re too low-profile to be a cyberattack victim, said Stewart Cawthray, General Manager, Enterprise Security at Rogers Communications. But any firm can be a potential target.
“Take Distributed Denial of Service (DDoS) attacks,” he explained. “Many companies don’t feel they’ll ever be victimized by an attack because they don’t have any big-brand recognition. But all it takes is one disgruntled employee or customer who decides to spend five dollars and your Internet connection is knocked out for a day.”
The bottom line, Cawthray said, is that if online or IT is an important part of a company’s operations, they need to be secure, no matter how small the firm.
“Some people look at security as insurance,” he noted. “It’s not insurance. It’s a fundamental requirement to ensure your business’s ability to function.”
The most anxiety-causing cyberattack outcomes and the percentage of Canadian survey respondents citing them as a concern in the Trustwave survey include:
· Customer data theft – 36 percent
· Intellectual property theft – 17 percent
· Data system access restricted due to ransomware – 15 percent
· DDoS attack – 13 percent
· Reputation damage – nine percent
A security plan that identifies the controls a company requires to keep its business running is the most effective protection against a cyberattack, Cawthray said. It sounds simple, but too often organizations buy new products without thinking about how those products fit into an overall strategy.
“Don’t buy technology and then try to find a problem to solve with it,” he explained. “Identify your security priorities and then select technology that allows you to address those priorities. You may find that what you really need is a simple log manager, rather than a whiz-bang correlation engine.