By: Jay Town, Gray Analytics VP & General Counsel
Cyber threats continue to grow in sophistication and complexity as technology evolves. Businesses and agencies of all sizes are being affected, and inattentive or careless employees are one of the primary causes of data breaches at small- and medium-sized businesses. Training for cybersecurity is paramount in today’s world as the “Human Firewall” is likely the most important line of defense against future cyber incidents. A cyber-aware organization provides a level of defense that cannot be present without adequate training. It is the responsibility of every CEO, principal, and individual to familiarize themselves with the scope of today’s biggest cyber threats and the manner in which those cyber threats can be abated. Helping employees learn what to look for, what not to do, and what to do both proactively and in the event of a cyber-attack or breach will significantly reduce the risk of cyber-related incidents to your organization.
This can sound daunting! Thankfully, there are several practical steps business leaders can take to get their companies well on their way along the roadmap to cyber health.
Assessing the readiness of human capital and providing improvement strategies is the single most important factor in reducing the occurrences of cyber incidents across an organization. Gray Analytics’ extensive knowledge and experience in how people react to threats such as phishing attacks or business email compromise (BEC) will help you create solutions that provide the first line of defense against cyber threats.
Jay Town, former U.S. Attorney and Gray Analytics’ Vice President, General Counsel, and ChainShield™ Lead, has prepared a series on cybersecurity tips and best practices to help business leaders take the first steps to securing their operations. Learn more by reading our additional posts linked below.
Further reading:
- The 11 Critical Cybersecurity Questions Your Company Needs to be Asking Today
- How to Best Protect Your Organization Against Ransomware
- How to Stay Safe from Malware
What Can Business Leaders Do to Protect Their Organizations?
It is natural for business and agency leaders to focus on the corporate or government mission. However, in order to further that mission, it is vital for leaders to ensure that their network is capable of preventing or minimizing cyber-attacks.
Leaders should be considering the following questions about potential cybersecurity threats to their network:
- How can my business/agency create long-term resiliency to minimize our cybersecurity risks?
- Does my business/agency do enough to share the scope of cyber threats with our people, to include employee training?
- What critical information could be lost (e.g., trade secrets, customer data, research, personally identifiable information) in the event of a cyber-attack?
- How much productivity or money would I lose per day if my network were no longer accessible to me and my employees?
A critical next step is to broaden the dialogue about the above questions into actual conversations with management about your company’s cybersecurity risk and readiness:
- Is my budget sufficient for cybersecurity compared to the risks of a cyber-attack?
- What is the threshold for identifying cybersecurity threats?
- What is the current level of cybersecurity risk for our company/agency? What is the value of those risks in time, productivity, profit, community impact, etc.?
- How are we identifying risks?
- What is our Incident Response Plan should we suffer a cyber-attack? Is it sufficient?
- What cybersecurity training is available for our employees?
- What measures do we employ to mitigate insider threats? What more could we do?
- How does our cybersecurity program apply industry standards and best practices?
- How will our business/agency work continue if we suffer a cyber-attack?
- How prepared is my business/agency to work with federal, state, and local government cyber incident responders and investigators, as well as contract responders and the vendor community?
Today’s Biggest Cybersecurity Threats
The FBI has identified business email compromise (BEC) fraud as the #1 financial threat to businesses in the U.S. (LINK). A typical BEC scam attempts to trick an employee into wiring money to the attacker’s bank account. A single email can steal $500,000 in less time than it takes to read a blog post. BEC scams have caused upwards of $10.2 billion in global losses since 2015 (LINK).
Negligent employees are the top cause of data breaches at small- and medium-sized businesses across North America and the UK, according to a 2017 study (LINK). Of the 1,000 IT professionals surveyed, 54% said careless workers were the root cause of cybersecurity incidents, followed by poor password policies.
While cyberattacks on big, brand name companies are the ones that make the news, small businesses are becoming a favorite target of cyber criminals and are typically the least prepared to defend themselves. 43% of cyberattacks are aimed at small businesses, but only 14% of those small businesses are prepared to defend themselves. Regrettably, 60% of small businesses go out of business within six months after a cyberattack due to the rising cost—upwards of $200,000 on average—of an attack (LINK).
Comprehensive assessments of people, process, and technology are paramount to understanding the ability of an organization to detect, defend, and recover from a cyberattack. Gray Analytics provides the depth and breadth of expertise to review and understand your organization’s cyber landscape in all three domains.
Engaging with Gray Analytics’ team of experts to perform a comprehensive assessment of your operation can help you feel confident that risks to your business are clearly identified and effectively mitigated.