October is Cyber Security Awareness Month. What's Your Plan?

If you thought last year was a challenging year for cyber security, 2022 is proving to be even more difficult. Weekly cyberattacks jumped 42% across the globe this year, according to CheckPoint Research. The list of threats is long: supply chain attacks, ransomware threats, attacks on Costa Rican and Peruvian governments, and the fallout of perhaps one of the most serious zero-day vulnerabilities in history, Log4j, followed by the impact of the Russia-Ukraine war.

This article originally appeared in Security Magazine.

The past two years have seen a drastic shift in the way we work, with many organizations having to quickly make the move from an office-based environment to a hybrid work environment. Now, with hybrid ways of working becoming standard, leaders are focusing on digitally transforming their businesses to adapt to and compete in the new normal. Yet in the rush to adjust, they can forget a foundational and business-critical issue – cyber security.

With a record number of cyberattacks making national news, cybersecurity is top-of-mind for many business executives. Cyberattacks are becoming more complex, with new and improved malicious software evading detection systems and disabling or hindering business operations for organizations across the globe. An effective cybersecurity strategy begins with an understanding of the threat landscape, but it is only the first step. You must take proactive measures to ensure your organization is prepared for the inevitability of facing cyberthreats.

Global cyberattacks are becoming more widespread. The onslaught of online assaults we’ve seen five months into the year has made putting adequate measures in place to keep organization's critical information secure that much more critical. Harvard Business Review has stated that the "conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced." Accelerated cyberattacks are already underway directed at Ukraine and may expand to nation-states providing support to Ukraine, including the United States.

With the record number of cyberattacks making national news, cybersecurity is top-of-mind for many business executives—but an effective cybersecurity strategy involves more than just awareness of possible threats. It’s important that your organization is prepared for the inevitability of facing cyberthreats.

Hackers have upped the ante. Throughout 2021, cyber criminals grew more sophisticated, more organized, and more aggressive, using advanced techniques and cooperation among hacker groups to drive an unprecedented number of attacks. All told, the cost may tally an estimated $6 trillion in losses just this year, according to Cyber Security Ventures.

While the increased risk of cyber-attacks, further fueled by the pandemic, is in the news daily, too many organizations continue to lag in their planning and preparedness. There are countless stories of entities across the business and societal landscape, from big corporations to hospitals to schools, navigating data breaches and other forms of cyber-attacks that put their organizations, employees and stakeholders at risk. Cybercriminals are always looking for their next target and their tactics are continually evolving. The question is how to keep one step ahead or, at the very least, to keep pace with best practices?

Ransomware is currently headline news and rightly so. Technology professionals around the globe have observed recent spikes in this form of cybercrime with alarm. The sheer volume of ransomware attacks in the first six months of 2021 is said to have eclipsed the 12-month total for 2020 and show little sign of slowing.

I’ve been known to use quotes to inspire or strengthen my message, so here goes: “The sky is falling, the sky is falling” (The Remarkable Story of Chicken Little, 1840). Believe it or not, this Chicken Little quote has significance to businesses: If you are not ready for incidents, individuals will go into a panic and act like the sky is falling. Preventing this is the main focus of an incident response plan (IRP), which takes control of events that could cause catastrophic harm to your organization in advance so that you do not panic when they actually occur.

Disasters. They can mean different things to different companies. One company might be scrambling without any sense of direction during a malware attack; another company might be as cool as a cucumber. The difference is having a plan in place and the right personnel to help fulfill it. Franz Kafka, a major figure in 20th-century literature, stated, “Better to have and not need than to need and not have.”