As a continuation of the previous Business Leadership Series on cybersecurity, Scott Shackelford and Aswin Unnikrishnan presented on “Managing and Investing in Your Company’s Cybersecurity.”
It is estimated that 90% of successful breaches use the most basic techniques, including social engineering. In addition, most cyberattacks are not discovered immediately. In fact, 85% of cyberattacks take an average of 5 months for an organization to find.
Scott suggests that the key to managing cyberattacks is to work from the bottom up, exposing technical vulnerabilities in hardware, protocols, code, and users.
Aswin Unnikrishnan agreed with Scott and also added that SMEs can take 7 critical steps:
In addition, Aswin stressed the importance of training employees, security risk assessment, and obtaining a managed security service provider.
Both speakers agree that it is beneficial for small businesses to invest in cyber risk insurance because of business loss, penalty and damages, litigation cost, and loss of goodwill. While an attack cannot be prevented, precaution helps reduce the impact. Moreover, the cost of breaches is increasing and is expected to be 6 trillion in 2021. The amount of insurance a business should obtain depends on the tools used, the size of the organization, and the model adopted. For example, healthcare and finance are two critical industries that need to carefully evaluate their cybersecurity and insurance.
While the US has some state laws related to cybersecurity, including state data breach notification laws, state data security laws, state disposal laws, and state anti-hacking laws, these are not sufficient on their own. Businesses should follow private-sector cybersecurity best practices. These include being proactive and investing in built-in cybersecurity best practices from the inception of a project. These 3 best practices include encryption and sophisticated technology, investments in cybersecurity, and a strong organizational structure. This reduces the risk of a cyberattack by 85%.