For years, we have reported on organizations becoming victims of data breaches, cyber attacks, spear phishing, and other cybercrimes. We feel sorry for these firms, as nobody deserves the humiliating and financially stressful situation of becoming a victim of cybercrime. Today, it is fairly normal to hear this type of news on a daily basis, and two possible explanations come to mind:
- Cybercriminals have taken the world by storm.
- The organizations that fell for those campaigns were simply caught off guard.
The reality is that neither of the two fully explains the explosion in the number of cybercrimes; there is no exact science for determining the true cause. The aim of this article, however, is to look at the past in order to find a sweet spot for a credible cybersecurity defense strategy. For a company with thousands of employees, economies of scale make the cost of acquiring a reliable cybersecurity defense worthwhile, but for SMEs (Small and Medium Enterprises), the cost of endpoint products and services may go beyond their budget.
Our point-blank response: accept reality and stay honest with customers, suppliers, stockholders and other stakeholders in the company if something bad happens to a critical system. “Honesty is the best policy” is also the central principle the European Union promotes, given that the GDPR mandates that all companies operating in the EU disclose a breach or cyber attack they have experienced within 72 hours.
Aside from honesty, the next best thing that will allow companies to survive the security-paranoid climate is empowering office staff. Take care of your employees and they will take care of your business: from a system security standpoint, this is a tried and tested principle. Employees who are aware of their responsibilities and obligations while using the corporate system are the worst enemies of virus authors and phishers, because they are less inclined to open whatever arrives. Healthy skepticism toward anything they receive, whether from someone they know or from a random source, keeps the company from having to do damage control later because of a data breach.
It only takes one employee with admin privileges on one workstation for outsiders, especially malicious hackers, to infiltrate the entire corporate network. The more popular the company brand, the higher the chances of becoming a target of cybercrime. The change that makes an organization cybersecurity-aware should run from top to bottom. It starts with the products and services (if the company is a software vendor): companies with great products and services “eat their own dog food,” meaning the same products and services they sell to customers are also used internally. This keeps their developers on their toes, guaranteeing that the product or service is as secure and as respectful of user privacy as humanly possible. Leadership that is cybersecurity-aware can decide on the vision for current and future products and services. Since IT policies trickle down from the top, especially from the CISO, it is better for companies to have leadership competent in cybersecurity issues.