Leaders Must Apply Business Logic When Tackling Cyber Attackers
Nehal Thakore, Country Head UK at CyberCompare
It is no secret that cyberattacks are a growing threat to businesses, organisations and governments everywhere. Where once digital adoption was a choice, it is now a necessity – and comes with a whole host of risks.
Inevitably, cybercrime has become ubiquitous. According to recent government statistics, there were approximately 2.39 million instances of cybercrime in the UK last year, with 26% of medium businesses and 37% of large businesses directly impacted by cyberattacks over the last 12 months.
It seems that everyone knows organisations that have already been victims of some form of cyberattack, while every C-suite leader with an IT department has been presented with the status quo of protection measures. For established business leaders, the issue of cybersecurity can seem overly complex and feel like unfamiliar territory, often leaving them feeling disempowered.
The classic notion of cyberattacks perpetuated in the media does not help to ease the concerns of the corporate world. The term ‘cyberattacker’ often conjures a very particular image of this mysterious perpetrator: we’re all too familiar with the trope of the hooded figure behind their lone keyboard, wreaking havoc on corporate ecosystems for kicks by the dim glow of their screens.
The truth, though, is that far from being lone agents of chaos lurking in solitary anonymity, cyberattackers come in a wide variety of guises: from unwitting colleagues and contractors who cause breaches through accident or negligence, to savvy, sometimes state-sponsored, career cybercriminals who form part of a much larger ecosystem.
For leaders to adequately tackle cybersecurity risks within their business, they need to reframe how they approach the challenges of cyberattacks. Luckily, they are already equipped with the expertise they need to take back control within an ever-evolving landscape – their natural business acumen.
With professional cybercrime, attackers are almost always part of a much larger operation, following a tried-and-tested business logic to achieve desired outcomes. Just like any other enterprise, malicious cyberattackers often have a target ROI and aim to operate as efficiently as possible, i.e. placing ransomware at low effort and hoping for high returns.
For cybersecurity to be effective, it should be approached just like any other business challenge or obstacle. CEOs and senior management need to draw on the fundamental skills that made them successful business leaders in the first place to understand the challenges of cybersecurity.
Cybersecurity risks and weaknesses within a business should be identified, assessed, and planned for, and ‘competitors’ – or in this case, professional cyberattackers – should be thoroughly understood by business leaders, with cybersecurity strategies and processes regularly reviewed by an independent party to ensure their continued value. The period after a cyberattack also provides an opportunity for companies to reevaluate their existing cybersecurity systems and see if they are still fit for purpose.
The primary attack vector of cyber criminals has remained the attack on the so-called “human firewall” aka the employee. Through sophisticated phishing, infected emails are smuggled into the organisation, or login information is captured. With increasing pressures on organisations – things like tough economic conditions and talent shortages – unfortunately the ‘wrong click’ can happen quickly in the stress of everyday life.
Understanding where these specific pain points might be allows leaders to take measures to ensure their staff have the best possible chance of learning how to avoid security pitfalls. Just as a company would invest in ongoing training to sustain high performance, so too should businesses commit to providing regular security awareness and training to mitigate cybersecurity risks. This may involve hiring an independent consultancy specialised in comparing quality vendors to identify the right package for a business.
Just as a business analyses the market it operates in, its main competitors and their motives, companies should approach cybersecurity measures with equal rigour. By truly understanding the value your data or operations hold in the eyes of cyberattackers, leaders can approach cybersecurity with pragmatism and business sense.
To find out where to start or continue with your cybersecurity roadmap, see CyberCompare’s 2.0 White Paper.