Cyber security, or “the cyber” as Donald Trump has referred to it, is the effort to protect electronic devices, and the infrastructure that supports them, from a host of physical and computerized threats.
With the increasing growth of global e-commerce and electronically available consumer data, many businesses have become targets for cyber attacks. Consider, for example, just a few of the companies that have suffered data breaches this year:
So, what does all of this really mean for businesses? For example, in September, the New York State Department of Financial Services proposed sweeping new cyber security rules.
And yet, regulations alone won’t protect businesses or their customers from cyber-attacks. Therefore, as cyber-attacks become more imminent and widespread, businesses and organizations should take action to protect themselves and their customers by considering three important questions:
- What are your assets?
Every business has assets. For some, it’s their brand. For others, it’s the “secret recipe” for the product or service they sell. For others, it’s their customer data. For certain businesses, it’s all three of these things.
Either way, as a starting point, all businesses should enumerate their most prized possessions. What are the crown jewels of the company? What does the business value the most? Take some time to consider these questions. Then, as a next step, determine the level of protection that you want to maintain.
- What are your threats?
Just as all businesses have assets, all businesses face threats. And the threats vary depending on the business.
Most businesses face the threat of competitors. But some face threats from cyber criminals who want to steal their money. Others, such as tech companies, face threats from competitors that seek to steal their intellectual property.
The bullets below summarize the multiple threat categories that exist.
- Nation-states (e.g., China, Russia, and other countries that facilitate cyber-attacks to procure data)
- Cyber criminals (e.g., organized crime syndicates that use cyber theft to make money)
- Hacktivists (e.g., people with a bone to pick that use hacking to make a statement)
- Casual Hackers/Lone wolves (e.g., people who hack out of curiosity, but sometimes help cyber criminals)
- Inside threats (e.g., disgruntled employees seeking to steal money and/or make a statement)
Given the different threat categories, it can be difficult to figure out which threats might apply to your business. So businesses of all sizes should consider contacting cyber security vendors for help with threat identification. Additionally, businesses may use the NIST cyber threat self-assessment guide.
- What are your weaknesses?
Once threats have been identified and properly handled, identifying your weaknesses and vulnerabilities is the next rational step. This involves discovering how, and to what extent, the threats identified above can affect your business. For instance, can cyber criminals hack into your database to steal the credit card details of your customers stored electronically? Is it remotely possible that a competitor can use your company website to get sensitive and highly classified information? The answers to these and similar questions will enable you to identify your weaknesses and vulnerabilities. Even so, it is still best for companies to consult cyber security experts to assess these vulnerabilities and to carry out a risk assessment.