Just weeks after implementing an incident response framework and conducting the first cybersecurity incident response team exercise for a client, they faced a real business email compromise attempt. The attackers were trying to steal tens of thousands of pounds. My heart sank when my client first told me about the incident. However, my client went on to say that thanks to the recent training, the team's heightened vigilance led to quick detection. They swung into action using the framework and successfully foiled the fraudsters' plans. This single incident saved them from tens of thousands of pounds and immeasurable reputational damage. What struck me was that I could hear a newfound confidence in their voice. They felt well prepared and in control. It was a 'proud mum' moment for me and serves to reinforce why rehearsing your organisation's cybersecurity incident response process is one of the most important cybersecurity strategies.
Robust defense mechanisms are essential to protect against cyber threats. For instance, intrusion detection systems help prevent unauthorized access and monitor network traffic for suspicious activity. Multi-factor authentication is being used by your banks for a reason; it adds an extra layer of security, making it harder for attackers to gain access to sensitive systems and data. Proper cyber hygiene practices, such as using anti-malware, supported operating systems and software, and frequent patching, are critical but easy ways to protect against known exploitable vulnerabilities. And don’t minimize the importance of your staff – people are often the last line of defense; a comprehensive and engaging security awareness and training program, including anti-phishing exercises, creates a culture of security. This helps employees identify suspicious activity and report it to the security team. In my opinion, the most often overlooked risk is your third- and, yes, fourth-parties – they have access to your data and systems – do risk assessments, monitor them, and make sure they have good security controls in place. Finally, incident response and disaster recovery plans must be practiced regularly, involving cross-functional teams as well as the C-suite. This is paramount to organizational resilience when, not if, a cyber-attack occurs.
I am incredibly proud to have implemented and operationalized the Cybersecurity Risk Management program for Treasure Data. This program aims to foster a culture of security and accountability among all executives. It has shifted the conversation and decision-making process away from being unilateral within the IT and Security space. Instead, the relevant stakeholders are now involved in determining the company's risk tolerance. When my team identifies inherent and residual risks within our systems, we collectively discuss how to address these business (financial, operational, technical, legal, and trust) risks to stay within our risk tolerance. This program not only provides visibility of risks to top-level management but also advances discussions about ownership, resource investment, and bringing risks within our preferred tolerance. Companies that act on risks without a risk management program are doing a disservice to their shareholders.
Organizational risk is challenging to quantify and fully mitigate. It involves balancing “how much is good enough,” the cost of mitigation, and the operational impacts of those mitigations. The critical task of determining “how much is good enough” is a judgement call by an organization’s CISO with, hopefully, lots of input and discussion among the organization’s senior leadership team. The first and most important step in risk management is to identify the organization's top risks and establish its risk tolerance. I refer to these top risks as “extinction events” – things like a major data breach, ransomware, or supply chain attack that would be painful for an organization to survive. From this identification, cybersecurity strategies can be developed to reduce risk to acceptable levels. For SaaS providers, cybersecurity strategies should include a mix of hardening the environment against known attack vectors, actively monitoring for anomalous activity, and having a well-rehearsed incident response plan that allows your organization to quickly respond to an attack and minimize damage to your customers and the organization.

About Chris Kubic

Chris Kubic is chief information security officer (CISO) at Euna Solutions, a provider of purpose-built, cloud-based solutions that power critical administrative functions and financial operations for the public sector. He previously served for more than 30 years at the National Security Agency (NSA), including four years as NSA CISO where he was responsible for developing and executing NSA’s security strategy, architecture and roadmap for protecting and defending NSA information and systems from cyber threats.
Cybersecurity is vital due to the sensitive user and payment data involved. Failing to employ strong security measures can result in data breaches and financial losses. A key strategy is implementing Two-Factor Authentication (2FA) for all participants, which enhances security by requiring an additional verification method, such as a physical token or mobile app, alongside the standard username and password.
A specific cybersecurity strategy that significantly reduced risk for us involved implementing an advanced intrusion detection system (IDS) alongside regular, comprehensive staff training. After experiencing a minor data breach, it was evident that both our technical defenses and team awareness needed strengthening. We deployed an IDS that utilized machine learning to detect abnormal patterns and potential threats, dramatically enhancing our real-time response capabilities. Concurrently, we introduced monthly cybersecurity training sessions for all employees, focusing on phishing, password hygiene, and secure browsing practices. The combined approach not only fortified our defenses but also fostered a culture of security mindfulness. Six months into this initiative, an attempted attack was quickly identified and mitigated by the IDS, with employees correctly identifying and reporting suspicious activities. This incident underscored the value of our integrated strategy, significantly lowering our vulnerability to cyber threats. It was a clear demonstration that proactive technology deployment, coupled with informed and vigilant staff, can provide a robust shield against cyber risks.
We added multi-factor authentication (MFA) to all our systems. Now, even if someone steals a password, they need another code to get in. This has really cut down on unauthorized access.
Bolaji Dasilva, CEO, Dasilva Consulting LLC

Cybersecurity is paramount for organizations of all sizes. Implementing a robust strategy can significantly reduce business risk. Tailored security awareness training empowers employees to recognize and prevent threats. Regular risk assessments identify vulnerabilities and prioritize mitigation efforts. Finally, robust data protection safeguards sensitive information from breaches, ensuring business continuity and customer trust.
Implementing a multi-layered security approach significantly bolstered our defense against cyber threats. A standout example was when we integrated advanced threat detection software with our existing security systems. This addition not only provided real-time monitoring but also leveraged machine learning to identify unusual patterns and potential threats before they could escalate. Shortly after deployment, the system flagged a sophisticated phishing attempt targeting our executives. Thanks to the early detection and swift response, we prevented a potential breach that could have compromised sensitive information. This strategy demonstrated how investing in proactive, intelligent cybersecurity measures can drastically reduce risk and protect organizational assets.