How to effectively target your risks

Cyber protection is never a ‘set and forget’ situation, and never drop your guard in the face of economic uncertainty.

Type: Boardroom article
Author: Peter Bailey, Regional Business Manager, Cyber Security, Kordia
Date: 31 Mar 2023

Working in cyber security, you might expect me to say “cyber security should be your top priority”. But the reality is that directors have many competing responsibilities – cyber is certainly among them – and we have to be realistic that the top priorities shift, especially when navigating uncertain and difficult times.

Despite encouraging signs from some players in the global economy, there is a distinct possibility of recession in New Zealand through 2023. Whether or not the economy contracts, a wide cross section of business owners and directors are front-footing it by hoping for the best but planning for the worst.

Our businesses have just been through three years of truly terrible times. While economic impacts through any major event are uneven, with some prospering but many suffering awfully, the bigger picture really is one of pain. Belt-tightening in these circumstances isn’t just understandable, it is essential for long-term longevity.

Running the ruler over all expenses is never a bad thing, and it is likely that budgets pertaining to IT and information security are among the expenditures under review – after all, financial wellbeing must come first. When considering what costs need to be trimmed, bear in mind that cyber security is a fundamental part of running businesses today and is a constantly changing risk that needs to be built into your risk profile.

Cybercriminals aren’t immune from what’s going on in the world either. For many, cybercrime isn’t a hobby or pastime, it’s a full-time job. In some cases, cybercrime is committed by people working in brick and mortar offices, within organisations structured in much the same way as legitimate corporations.

This means cybercriminals are always hard at work, looking for opportunities and victims from whom they can extract money, especially in difficult economic times.

Cyber protection is never a ‘set and forget’ situation. Over the past three years, many companies have stepped up the focus on cyber security in the wake of the sudden (and now enduring) shift to work-from-home arrangements, and in response to escalating cyber breaches.

By now, it’s well known these shifts changed and expanded the threat surface, with many scrambling to apply the necessary attention to security provisions. Most have now made those necessary investments and adjustments.

But these adjustments and investments aren’t one-offs. Whether operating individually or in organised groups, cybercriminals never rest on their laurels. Their methods, tools and ingenuity constantly evolve as they seek out new ways of getting into your systems (and bank balance). The technology we use also evolves constantly, along with the way we use it. This exposes or creates new weaknesses which must be addressed to stay a step ahead of the attackers.

And then there’s the people factor. Human error is variously estimated to be behind 80 per cent to 95 per cent of cyber breaches, according to the Verizon 2022 Data Breach Investigations Report and IBM Security Services 2014 Cyber Security Intelligence Index Report. The susceptibility of employees to social engineering never goes away. Even as new tools emerge which could enhance hackers’ ability to get into your systems, it’s still human ingenuity and human fallibility posing the biggest threat.

Sound advice in a tightening market

Cyber security is very much a journey and not a destination. Never drop your guard in the face of economic uncertainty because any interruption or financial loss is likely to be felt far more keenly when the cupboard is already bare.

The key to protecting your cyber security is a sharp and unrelenting focus on the basics, including:

  • A risk-based plan.
  • Updated and appropriate software.
  • Firewalls and software configured to take advantage of built-in features such as multi-factor authentication.
  • Determining which applications and assets are essential and protecting them accordingly.
  • Creating a risk register, identifying the top risks faced by your organisation and spelling out how to mitigate them.
  • Conducting a review of all tools and services in place and identifying any that are unnecessary or duplicated.

A threat assessment in what is a constantly changing environment is advisable and may influence adjustments to the services and tools in your inventory. Consider outsourcing part or all of your cyber security requirements. This can help with costs in some circumstances, and provides flexibility and standards-based services for peace of mind. When doing this, always ensure you are maintaining a suitable security posture.

I’m not telling you to make cyber security your main priority during these difficult times. But do examine your spend and make sure you are focused on the right areas.

Knowing your cyber security is taken care of shouldn’t be an afterthought. Even if the economy is retreating, the hackers aren’t slowing down. 

