Leaders: Ask Yourself These Questions to Assess Your Data Breach Risk
Another day, another data breach. We have already seen several major ones during the first month of 2021. A database maintained by an online photo editing app containing 1.9 million user records was hacked on Jan. 20, 2021. Order information for 7 million customers of a men’s clothing retailer was hacked two days later and posted on a hacker forum where anyone could obtain it.
The Cost of a Data Breach
The 2020 Cost of a Data Breach Report, a study conducted by IBM, put a price tag on data breaches. Specifically:
- The average cost of a data breach is $3.86 million.
- 80% of data breaches resulted in the exposure of customers’ personally identifiable information—the most expensive type of breach to remedy.
- Stolen or compromised employee credentials and cloud misconfigurations are the most common causes of data breaches, with these two causes accounting for 40% of breaches.
- Misconfigured cloud networks increased data breach costs by half a million dollars.
Statistics like these make it clear that cybersecurity should be an important part of every organization’s operating plan. That’s why ensuring a well-protected network starts at the top. Here are five key cybersecurity questions that leadership cannot afford to ignore.
Question #1: Is your executive leadership informed about cyber risks that threaten the company?
Timely reporting to leadership should be built into the strategic framework for managing the enterprise. Cybersecurity is about managing risk. A data breach can have dire consequences, which makes managing cybersecurity risk a critical part of an organization’s governance, risk management and business continuity framework. Early response actions can limit or even prevent possible damage.
The CEO, CIO, business leaders, continuity planners, system operators, general counsel and public affairs should be part of the chain of communications.
Question #2: What is our exposure to cyber risk, the potential impact of a breach and our plan for addressing both?
Identifying critical assets and the impacts that cyber threats could have on them is critical to understanding financial, competitive, reputational or regulatory risk exposure. This will help you identify and prioritize specific protective measures, allocate resources, inform long-term investments and develop policies and strategies to manage cyber risks at an acceptable level.
Question #3: How does our cybersecurity program apply industry standards and best practices?
A comprehensive cybersecurity program leverages industry standards and best practices to protect systems, detect potential problems and enable timely response and recovery. While compliance requirements help establish a cybersecurity baseline to address known vulnerabilities, they don’t adequately address new and dynamic threats or sophisticated adversaries. Using a risk-based approach to apply cybersecurity standards and practices allows for more comprehensive and cost-effective management of cyber risks than compliance activities alone.
Question #4: How many cyber incidents are normal for us? At what point should executive leadership be informed?
This question is often asked—and often answered incorrectly. The problem is knowing what constitutes a cyber incident. All internet-connected devices are under constant attack. Countless automated scanners crawl the internet looking for exposed computers, running vulnerability scans and publishing the results for bad actors to exploit.
The question leaders should ask is, "How do we know when an attack is successful?" Effective logging and alerting is critical for any successful cyber incident response plan, as is an established process to review the logs for anomalous entries that did not trigger an alert. Any successful attack should be classified by severity and reported to executive leadership.
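The two activities described above, an alerting rule that fires on a pattern and a periodic log review that catches what the rule missed, can be shown concretely. The following Python is an added example, not code from the article; it runs over a constructed, sshd-style auth log (hypothetical data), flags a successful login preceded by repeated failures from the same source, classifies that alert by severity for escalation, and then reviews the remaining successful logins for off-hours access or unfamiliar source addresses. The log format, the `known_ips` list, the working-hours window and the privileged-user set are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log in an sshd-like format (hypothetical data, not from the article).
SAMPLE_LOG = """\
2021-01-20T02:14:01Z sshd[1201]: Failed password for admin from 198.51.100.23 port 51000 ssh2
2021-01-20T02:14:03Z sshd[1201]: Failed password for admin from 198.51.100.23 port 51001 ssh2
2021-01-20T02:14:05Z sshd[1201]: Failed password for admin from 198.51.100.23 port 51002 ssh2
2021-01-20T02:14:07Z sshd[1201]: Failed password for admin from 198.51.100.23 port 51003 ssh2
2021-01-20T02:14:09Z sshd[1201]: Failed password for admin from 198.51.100.23 port 51004 ssh2
2021-01-20T02:14:11Z sshd[1201]: Accepted password for admin from 198.51.100.23 port 51005 ssh2
2021-01-20T09:05:44Z sshd[1310]: Accepted password for alice from 10.0.0.15 port 40321 ssh2
2021-01-20T23:41:10Z sshd[1402]: Accepted password for bob from 203.0.113.9 port 42222 ssh2
2021-01-20T10:12:00Z sshd[1420]: Failed password for carol from 10.0.0.22 port 40400 ssh2
"""

# Assumed line layout; real deployments would match their own log source's format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)


def parse_log(text):
    """Turn raw log lines into event dicts, sorted by time; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return sorted(events, key=lambda e: e["ts"])


def alert_brute_force(events, threshold=5):
    """Alerting rule: a successful login preceded by at least `threshold` failures from the same IP.

    The failure counter resets after each successful login from that IP, so the alert
    reflects the run of failures immediately before the success.
    """
    failures = defaultdict(int)
    alerts = []
    for e in events:
        if e["result"] == "Failed":
            failures[e["ip"]] += 1
        else:
            if failures[e["ip"]] >= threshold:
                alerts.append({"ip": e["ip"], "user": e["user"], "failures": failures[e["ip"]]})
            failures[e["ip"]] = 0
    return alerts


def review_anomalies(events, known_ips, ignore_ips=frozenset(), work_hours=(8, 18)):
    """Log review: successful logins that tripped no alert but still look unusual.

    `known_ips` is an assumed allowlist of expected source addresses; `ignore_ips` lets the
    reviewer skip sources already covered by an alert. Hours are compared against the
    (start, end) working-hours window, end exclusive.
    """
    start, end = work_hours
    findings = []
    for e in events:
        if e["result"] != "Accepted" or e["ip"] in ignore_ips:
            continue
        reasons = []
        if e["ip"] not in known_ips:
            reasons.append("unknown_source")
        if not (start <= e["ts"].hour < end):
            reasons.append("off_hours")
        if reasons:
            findings.append({"user": e["user"], "ip": e["ip"], "reasons": reasons})
    return findings


def classify_severity(alert, privileged_users=frozenset({"admin", "root"})):
    """Assumed severity scheme: a privileged account compromise is escalated as critical."""
    return "critical" if alert["user"] in privileged_users else "high"


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    alerts = alert_brute_force(evs)
    for a in alerts:
        print("ALERT", classify_severity(a), a)
    alerted = {a["ip"] for a in alerts}
    for f in review_anomalies(evs, known_ips={"10.0.0.15", "10.0.0.22"}, ignore_ips=alerted):
        print("REVIEW", f)
```

On the sample data the rule raises one critical alert (five failures then a success for `admin` from 198.51.100.23), while the review pass surfaces a second event the rule would never catch on its own: `bob` logging in successfully, without any preceding failures, from an unfamiliar address late at night. Thresholds and allowlists are the parts that need tuning per environment, and the review step exists precisely because no threshold catches everything.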
Question #5: How comprehensive is our cyber incident response plan? How often is it tested?
Even a well-defended organization will experience a cyber incident at some point. When network defenses are penetrated, the leadership group should be prepared with a Plan B. Documented cyber incident response plans that are practiced regularly help enable timely response and minimize impacts.
A good way to establish updated security protocols is to have a third party perform an assessment of your network. This can show you where you stand and provide the insights needed for a solid plan of action before an attacker is successful.
Devise a Cybersecurity Plan Now
When it comes to cybercrime and data breaches, it’s not a question of if, but when. So now is the time to devise a plan for how your organization will deal with a data breach when one occurs.
Plan now to meet with your key leaders to discuss these and other critical cybersecurity questions. If you don’t have adequate answers to them now, commit to doing whatever it takes to get answers before your organization is the victim of a data breach. Your technology solutions consultant can help you in these and other efforts to reduce your cyber risk.