Tuesday, December 6, 2022

Cyber Security Hat Tricks – How to play it safe as a team!

Most cyber experts will be quick to talk about the different types of cyber-attacks, but what about the reasons behind the attacks in 2022?

Here are the top 3 reasons in 2022.

  1. Money – In October 2022, data breaches alone cost businesses an average of $4.35 million. The average phishing scam costs over $70,000 per successful attack, and in most cases employee or company data was accessed as part of a larger breach with a company’s vendor.
  2. Personal – Recognition of skills, political causes/beliefs, corporate sabotage and the rise of cancel culture.
  3. Human Nature – Too often we see attacks that aren’t actually attacks; they are employees covering up a mistake, or someone has skirted policy allowing accidental data Corporate culture is one of the best tools you have against cyber-attacks. Aligning your values with your noble purpose from the top down will help keep your team and customers safe.

One of the hardest things for most CIOs is having to play the cybersecurity goalie for the company; it makes them be perceived as the bad guy for saying no to ideas or tools that could ultimately put the company at risk. Oftentimes, all that stress of saying no leads to burnout of your IT team, and people try to remove them from the equation, which creates huge risk. It’s really hard to protect the company if you have limited visibility on the entire ecosystem.

We are currently in the perfect storm for increased cyber-attacks as we approach 2023. One major reason is that during Covid ‘The Great Resignation’ movement gained momentum, which saw an unprecedented amount of unqualified Cyber Security consultants offering discounted. Add in reduced staff, hybrid working conditions, reduced budgets and civil wars within office culture on when and if people should return to the office, and it sets most businesses up for huge risk in the coming year. The best way to mitigate this risk is to ensure that, before your teams leave for the holidays, you invest some time addressing some of the biggest internal causes of a cyber breach.

Start by understanding that your brand identity is more critical now than ever before. Take a moment to do a daylight test scenario with your leadership teams. Walk them through what a breach could result in and how much harder it would be for sales and marketing to gain back customer trust after they were named in a news article. How would the CEO answer when asked what he did to keep their customers safe? Or did they know about the risks?

How would you hit your annual targets with the reduction in revenue and loss of budget that a breach causes, and what would you prioritize to save revenue while you fix issues that should have already been fixed? Walk them through the problem by giving them examples of breaches in your peer group.

Finally, walk them through the problems you know about and propose solutions to show them how you can work as a team and address some of the issues. Start with these 3 points so you can honestly say you did your best to protect your team and your customers.

3 points to review with your team to help keep your ecosystem safe.

  1. Shiny Object Syndrome – There is so much information and the temptation to find a ‘Magic Bullet’ that will save countless hours of work or help drive up conversion rates is They often end up just being malware in sheep’s clothing or at best a huge time waste. Train your team to use a proper vetting process for any new software or tools request.

     Create a vendor assessment form that ensures each request is safe and creates ownership and accountability, so that everything introduced into your ecosystem has been tested to be safe and will actually add value.

  2. Culture – Cyber Security is a team sport! Leaders need to set the example by following the security rules and policies in place and encourage a top-down approach. It really helps to adopt a People, Process and Tech approach to any and all problems, products and resources, employee and vendor selection to ensure that you have the best solutions in place. The most important part of changing the culture is to stop making it a war between departments. It should never be “we do this cool new thing or generate x amount of revenue but only if we scrap security because it takes too long or costs too much.” It needs to be part of the planning and it needs dedicated resources, either through internal or in some cases external services, but it needs to be part of your delivery cycle.

  3. Knowledge and Training – It is critical that you have a baseline for how cyber aware your team is. Do they understand the risks and what that could mean if there was a breach? Run quarterly tests to ensure that your team is aware of security policies and of the resources and procedures in place. Work with your finance teams to spot apps and credit purchases on corporate cards and validate them against the IT approval process. Provide mandatory training for everyone that works on your team and encourage people to speak up when they see something that puts security at risk. Work with an external security company that can audit your systems at least twice a

Remember, in 2023 your company will face new challenges that will ask more of your teams than ever before. For example, if one of your employees uses an app while working from home and that app or tool is breached, the attackers now have user data and a way to social engineer or attempt a MITM (Man-in-the-middle) attack that puts your business and customers at risk.

Stay safe!