8028244268?profile=originalCyberattack prevention measures will always be necessary. The constant threat of data breaches and other hacks is simply a fact of business. Priority targets are no longer limited to retailers and banks; insurers, hospitals, energy producers, and (most recently) a host of law firms are all at risk.

“Hackers broke into the computer networks at some of the country’s most prestigious law firms,” according to The Wall Street Journal. This doesn’t come as much of a surprise: What do organizations like banks, insurers, hospitals, and law firms all have in common? Repositories of sensitive data.

This data does include personally identifiable information (PII) such as credit card info and social security numbers, but that’s old news. The “bigger fish” is confidential corporate information – data about M&As that might be used for insider trading, for example.

Clients (and potential clients) have been understandably concerned about the security of their information. As a result, they are spending more time and resources doing their homework. How do the firms they’re considering patronizing handle cybersecurity? Are they keeping up with recent trends, like phishing attacks and ransomware?

When it comes to such sensitive info, it’s clearly better to beef up cyberattack prevention measures instead of the ability to reduce fallout after an attack. And yet it often takes a headline event to galvanize organizations into action.

Take Action on Cyberattack Prevention

The first order of business is to accept that addressing these risks is obligatory. As we discussed earlier this monthall companies are now being held liable for their security procedures. Perhaps more importantly, this liability exists even if no breach ever occurs. Dwolla, for example, was hit with a major penalty for its negligent cyberattack prevention strategy.

Also consider that “Hackers often steal large amounts of information indiscriminately and then analyze it later to see how it could be useful…”. In other words, even if you think all your data would be useless to a hacker, you’re still at risk of suffering all the consequences of a major cyberattack.

The only way to keep up with evolving attacks is with a holistic approach to security. All departments should be on the same page, informing everyone from managers to front-line employees about password and network policy (basic cyberattack prevention), slightly suspicious emails (signs of attempted phishing attacks), etc.

Protecting the "Front Door" Isn't Enough

Traditional cybersecurity measures revolve around the protection of the so-called “front door.” We’re conditioned to look out, rather than in, for threats. After all, hackers and other criminals are external threats, so the best form of protection is logically a barricade in the form of advanced firewalls and malware scans.

These days, however, reinforcing the front door is not a sufficient cyberattack prevention plan. Wide-reaching attacks like phishing emails and ransomware make every single employee a risk. This is a holistic governance-function issue that won’t be solved by buying a new piece of hardware. Seemingly innocent emails may contain only subtle red flags, fooling victims into thinking they’re legitimate. It’s certainly an IT problem, but it also extends to vendor management (are your vendors’ standards up to yours?), incident management (if there is an attack or an attempted attack, how do you cascade it out to the rest of the organization?), and compliance.

Enterprise risk management software offers the only solution – the problem itself is an enterprise-wide problem. Everyone needs to be on the lookout for things like suspicious emails, and everyone needs to know how to react. ERM facilitates the whole cyberattack prevention process because it:

  1. Helps each department identify its vulnerabilities with industry-specific, root-cause risk libraries;
  2. Ensures every department is performing this analysis with the same criteria, framework, and timeline, making collaboration easy;
  3. Reveals how department-specific approaches leave certain vulnerabilities unanswered, as well as which risks are already being covered by another department’s mitigations;
  4. Makes it straightforward to engage risk assessments and send reports back and forth from senior management to front-line employees (and everyone in between);
  5. Allows risk assessments, control documentation, and monitoring automation to evolve as new threats emerge.

Download LogicManager’s whitepaper on IT Governance and Security to learn more about how a risk-based approach can help you strengthen your cyberattack prevention strategy.

Votes: 0
E-mail me when people leave their comments –

Steven Minsky, CEO and Founder of LogicManager, is a recognized thought leader in risk management. Steven is well known for his precinct abilities to guide organizations through future risk events. Steven is a frequent speaker in the Energy, Financial Services and Cyber industries. While the first wave of COVID-19 caught many organizations by surprise, Steven predicted the pandemic impacts in January of 2020 and swiftly published action plans to help organizations prepare.

You need to be a member of Global Risk Community to add comments!

Join Global Risk Community

    About Us

    The GlobalRisk Community is a thriving community of risk managers and associated service providers. Our purpose is to foster business, networking and educational explorations among members. Our goal is to be the worlds premier Risk forum and contribute to better understanding of the complex world of risk.

    Business Partners

    For companies wanting to create a greater visibility for their products and services among their prospects in the Risk market: Send your business partnership request by filling in the form here!