Sunday, December 5, 2021

Organizations need to get the cyberattack threat under control – Douglas McLachlan

- Advertisement -
- Advertisement -

Almost every day brings new news about a growing list of companies and other organizations that have been victims of a cyber attack or data breach, but who is behind it?

There is no answer. Some perpetrators are organized criminals who have moved online. They found that robbing a database can be far more lucrative (and less risky) for them than robbing a bank.

Some are hackers with different levels of expertise. Ask anyone to imagine a hacker and it’s usually a teenage computer genius in a hoodie sitting in a darkened bedroom that comes to mind. The truth is that free online tools can turn almost anyone into a successful hacker.

Then there is the resentful employee who wants to steal or disclose company secrets or data. Or maybe you are a corporate spy? Or a foreign agent?

Or … maybe it is you? Have you ever accidentally sent a business email to the wrong recipient? The dangers of autofill can turn all of us into data leaks.

Companies need to get a grip on all of these “threat vectors” quickly. If your company hasn’t thought about this yet, it might just be a matter of time. Imagine how you would feel if every email your company ever sent was posted online – or tricked one of your finance workers into transferring money to the wrong account?

The good news is that there are more and more free resources and (paid) service providers out there to help. The National Cyber ​​Security Center has excellent resources, and the Cyber ​​Essentials self-assessment option is easy to follow and can help you protect yourself from a variety of the most common cyberattacks. This is a good start, but if you really want to reassure your customers that you are working to protect their data, do a hands-on technical review and get Cyber ​​Essentials Plus certified. Some government contracts now require it.

There is a growing industry of cybersecurity specialists, accountants, white hat hackers and penetration testers helping companies counter cyber threats. And every company should ask themselves whether they need cyber insurance.

In Scotland, this growing cybersecurity ecosystem has been immensely supported by the presence of Edinburgh Napier University’s Cyber ​​Academy. Even the Law Society of Scotland is active in this area, offering lawyers like me the opportunity to become a Certified Specialist in Cyber ​​Security.

In the meantime, what can you do to prepare for a cyber incident? First of all, determine where you are keeping your data. If you don’t even know where it is, how can you protect it? Regularly backing up your data and patching your computer’s operating systems is also essential. Consider migrating your data to the cloud. Google and Amazon have an army of cybersecurity specialists to keep your cloud computing data safe. Who do you have?

It is also a good idea to develop a cyber incident response plan in advance. Just as you plan and prepare for a fire alarm, you should plan and prepare for a cyber incident as well. Everyone should know in advance what role to play and what to do. You should follow ready-made “playbooks” to keep improvisation to a minimum. In cybersecurity, pressure doesn’t make diamonds – it makes mistakes!

Don’t make the mistake of thinking it’s an IT problem. It’s a management problem. More specifically, it is your management problem. Be part of the solution.

Douglas McLachlan is Partner and Head of Data & Technology, Anderson Strathern

- Advertisement -
Latest news
- Advertisement -
Related news
- Advertisement -


Please enter your comment!
Please enter your name here