Malware, ransomware, spoofing, and phishing. If you don’t know what these things are, and the extreme damage they can do to your organization, you may not know that October is National Cyber Security Awareness Month. Sponsored by the National Cyber Security Division (NCSD) within the Department of Homeland Security and the National Cyber Security Alliance (NCSA, a non-profit organization), National Cyber Security Awareness Month encourages vigilance and protection by all computer users. Note the key word—all.
Cyber security isn’t just an IS/IT problem. It’s a business problem, and a significant one at that. Experts believe there is a hacker attack every 39 seconds, affecting one in three Americans each year. Even more staggering, a recent study commissioned by Bromium and presented by Dr. Michael McGuire at RSA found that the cybercrime economy has grown to a whopping $1.5 trillion in illicit profits annually.
So, what steps have you, or can you, take to better protect your organization from the complicated and ever-changing threats to cyber security?
Aside from basics like using antivirus/antispyware software; keeping your operating systems and applications current; adopting a formal internet/email policy; and training employees in basic cyber security principles, you should make cyber security a key element of your organization’s Continuity of Operations or Emergency Operations Plan (COOP/EOP).
But don’t just put it in writing. Put it to the test. Consider adding a cyber scenario to your next COOP/EOP exercise. It’s a simple and inexpensive way to assess and advance your organization’s cyber security preparedness.
Just ask the folks at the Colorado Housing and Finance Authority (CHFA) in Denver. Earlier this year, CHFA (with the help of BOLDplanning) conducted a tabletop exercise of their COOP plan, which included a cyber scenario. Participants learned not only just how harmful and disruptive such attacks can be, but also some simple, yet oftentimes overlooked, ways to combat them. They also gained a better understanding of their specific roles and responsibilities during cyber events, and how they ultimately play into the big picture of resiliency.
Remember, hackers and scammers are always looking for ways to get inside your organization. Do your part to protect it. Take time out this October, National Cyber Security Awareness Month, to evaluate things (or better still, conduct a cyber exercise) so you’re not left apologizing for your lack of preparedness. That is not the position you want to be in, as so many public and private sector organizations can, unfortunately, now attest.