TALKING
‘‘ business
Every enterprise needs a dedicated IT security lead in place with access to business leadership .
Learn self-defense
In the absence of a justice system that completely protects us from the bad guys , basic human survival instinct demands that we learn to defend ourselves . In the context of cybersecurity , that means focusing on a few fundamentals .
Firstly , every enterprise needs a dedicated IT security lead in place with access to business leadership and the authority to lead the security initiative . For smaller businesses , you absolutely need to have a resource with designated responsibility for cybersecurity and specializing in data protection .
Secondly , businesses need to practice impeccable digital hygiene . This includes mandatory training for all employees so that they recognize potential attacks , understand who to report them to , and understand why this is important . The more people buy-in to the need for good digital hygiene , the more alert and willing to take the blinkers off they become .
Finally , never ever pay the ransom . Organizations who pay ransoms feed the ‘ easy pay day ’ perception that means cybercriminals keep doing it . As soon as businesses stop paying ransoms , we ’ ll see a reduction in the popularity of ransomware as an extortion technique .
While businesses who suffer cyberattacks are indeed victims , they are responsible for protecting any data that they use , process and store . Paying off cybercriminals to get systems back online is an unsustainable defense strategy . As governments become more active in seeking to prevent the spread of ransomware , we may see businesses who do so investigated and reprimanded by independent regulators .
Clearly , dealing with the relentless and mass scale of cybercriminal activity against businesses and individuals will be an international effort across both the public and private sector .
While it is important that cybercrime is properly ‘ criminalized ’ and that the perpetrators are brought to justice , businesses must understand the responsibility they have to their customers and employees to protect any data within their jurisdiction .
This can only be done by implementing a Modern Data Protection strategy that combines effective frontline cybersecurity defenses with a comprehensive approach to data backup and Disaster Recovery . p
38 INTELLIGENTCIO NORTH AMERICA www . intelligentcio . com