News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Prevention is always better than cure

Every data breach that rocks the headlines seems to get worse. The fines get bigger, the damage to reputation more severe. More than one share price has plummeted in the aftermath of a data breach.

Should a data breach occur, there are multiple issues a business has to deal with, says Simon Campbell-Young, managing director of Credence Security. “First, they have to identify the threat, remove it, and fix the systems. Then there’s a range of legal issues, including notifying those affected, paying regulatory fines, and even having to replace stolen assets. Sometimes a business has to offer identity threat protection to the victims. And all of this costs money,” he explains.

“However, most business will recover from the financial losses incurred during a breach. It’s the reputational damage that could be catastrophic. Customers may forgive, but they will not forget. Once trust is broken, you’ll never get it back.”

Simon Campbell-Young, managing director of Credence Security
Simon Campbell-Young, managing director of Credence Security

This is why prevention is better than cure any time, he says. “We recommend several steps to help prevent a business falling victim to a cyber attack.”

All security measures should be tailored

The first step is implementing effective and holistic cybersecurity tools. “All businesses are different, and therefore all security measures should be tailored to suit the specific organisation’s needs. Healthcare providers and financial services organisations will handle more sensitive customer data, whereas manufacturers often have more proprietary IP. They all face different threats, and have a different appetite for risk.”

Start by identifying the most precious information assets, and thoroughly weigh up the risks in relation to the security landscape. “Focus the greatest efforts on the most valuable assets. Prioritise investments here, and make sure they are well maintained.”

Next, he says, is having a good incident response plan in place. “It used to be all about preparing for and detecting a breach. No longer. Incident response is a crucial link in the security chain, as organisations realise it’s not a case of ‘if’, but ‘when’.

Today’s businesses need to add focus to identifying their weaknesses and shortcomings, to boost their preparedness in the event of a security incident, Campbell-Young adds.

Understanding the attacker

“And to do this effectively, businesses need good, actionable intelligence. Understanding your attacker, and receiving relevant and actionable intelligence, is a company’s best hope to stay ahead of the attackers and anticipate their actions. Make sure you have the resources on hand - there are numerous public sources as well as sharing platforms to glean this information, and savvy businesses will also ensure they have internal monitoring and event correlation solutions in place.”

Campbell-Young says they should also share any data-breach information with collaborative industry groups and the security community, as it is crucial in fighting against cybercrime as well as understanding how a breach can impact a business. “This is key to combatting cybercrime.”

Next, bearing in mind that a chain is only as strong as its weakest link, make sure that adequate time and resources are dedicated to staff training. “All employees should be aware of threats such as phishing and social engineering, and should be taught to practice good security hygiene.”

He says as businesses become increasingly digital, they need to work even harder to maintain effective risk management and strong cybersecurity controls, all while remaining compliant, and without stifling usability and innovation. “Cyber crooks are always on the lookout for new ways to steal data. They will bombard your defences, scour you organisation for vulnerabilities, and test your employees for ways to get in. Making resilience a priority is the only way to protect your data, and with it, your reputation.”

Let's do Biz