IT-security: - Most companies waste their money
Many of those who work with cyber crime have time, money and other resources available. Therefore, it is easy for criminals to find a security hole if one exists. Their target is often to exploit sensitive information, stop business processes or blackmail the organization for money.
And the worst is: you get no warning.
The level of expertise of IT-security is often not good enough. Most businesses waste their money when buying IT-security solutions. Many buy the basic solutions, which do not help without a risk analysis. It can take days to get everything up and running the day every screen is black and nothing works. For that reason, it is important to have done an assessment of which data and systems are most important to save beforehand.
A risk assessment is the first thing we do when a new partnership begins. This is to discover weaknesses, what needs to be prioritized, and in the end figure out which control mechanisms that should be phased in. Thereafter, a decision on which standard to work by must be selected. This is to be able to measure results.
Criminals attack the weakest in the room
You are most likely wrong if you think your organization never will be a victim of cybercrime. The criminals will always try to find the weakest link in the room. The easiest route to success for the cybercriminals is often through a supplier or partner – someone the target trusts. The criminal can get a ‘foot through the door’ using a machine or attachment from someone, which can be taken further in the communication to those who are the real target. This is a common way to attach.
It is crucial to create a culture within the organization where employees are conscious of which threats exist. By doing so, people will know which traps one can get into. Being aware and taking precautions means employees will be less relaxed and more conscious when opening e-mails. Training each employee holds great value, maybe even greater than any software can buy.
More than 90% of leaders is not prepared how to handle a cyber attack
Who is responsible?
More than 90% of leaders is not prepared how to handle a cyber attack and more than 40% think they are not responsible when such an attack happens.
By not responsibly managing your organizations valuables, you are breaking the law in many countries. Vulnerability management and risk assessment of the organization is necessary to correctly and responsibly manage your organization. This is of extreme importance, and it is shocking how few actually go through with a process like this. Breaking laws like GDPR can have big economical consequences. Surprisingly, most leaders are not aware of this risk and do not know what dangers they need to protect their organization against.
Working purposefully with safety will enable you to maintain control mechanisms. By not doing so, and instead engaging in some sort of cat and mouse game with criminals, you will quickly fall behind the criminals. In doing so, you will always be in the danger zone of a new attack.
Do you wish to learn more about how our security experts can help you make profitable and smart IT-security choices? Contact us and schedule an informal chat.
Roger Ison- Haug, Cyber Security Practice Leader, Pedab Group