Cyber attacks are inevitable. Yes, you will be attacked. This is not hyperbole. Listen to what the Director of the FBI said, “there are two kinds of companies, those who know they have been attacked and those that don’t know yet”. There is a lot in that statement. Also to make things worse the NetIQ 2015 Cyberthreat Defense Report found that 1 in 3 of companies do not have a Written Information Security Policy at all. This is truly an amazing statistic considering what is at stake, and how persistent these attacks have become. Where is the plan? Where is the policies to deal with this inevitable risk?
Being Prepared Is Most Of The Battle
He is not saying you, could get attacked, or there is a good chance you will get attacked. He is saying you have already been attacked and you don’t even know it. And the way the cyber criminals work is that they are patient and they are opportunistic. What does that mean? This means that the attack is embedded in your system already. You cannot detect it and it is laying in wait until just the right hole opens up. Or a certain IT maintenance window is implemented, or an employee executes a file. Then they strike and then it is too late. Preparation can deal with this before it becomes a serious situation.
Being Able To Respond
Then when the attack becomes apparent. How do you respond? Do you use your overworked IT staff to attempt to handle it? And then go for help when that does not work? Or do you hire the biggest name and largest security firm you can find? Spend ridiculous amounts of money to get back on track? If your peers are any indication of how this goes you will. And these calls in the middle of the night are not the ones you want to make.
A better and more sane way to handle this is long before the breach. Have a plan in place to deal with attacks as well as breaches. Proactively detect and go after existing attacks before they become major breaches. And have a set of rules and procedures to prevent them in the future. A heck of a lot easier and less costly. There are ways to deal with these attacks. They just have to be implemented, and executed in an efficient and consistent manner. This can bring real value to your organization. And give you the peace of mind to pursue your business goals.