Cyberattacks are on the rise in 2021, and so are private- and public-sector efforts to contain them. Major meat producer JBS USA’s IT systems were hit, a ransomware attack shut down the Colonial Pipeline and stalled about half of the East Coast’s fuel supplies, and President Joe Biden signed an executive order to tighten the cybersecurity standards of any software sold to the federal government as a response to 2020’s SolarWinds hack that compromised a half-dozen government agencies and thousands of private companies. And that’s just some of what happened in May alone.
Across industries, the risk of cyberattacks and stolen data has been rising steadily, and organizations are facing challenges in keeping up. In 2020, healthcare-related data breaches increased 42% compared to 2019, with some 40 million patient records being pirated during the pandemic. Meanwhile, the Verizon Business 2021 Data Breach Investigations Report found particular challenges for businesses as they migrate more of their functionality to the cloud, as attacks on web applications represented 39% of 5,200-plus breaches nationwide.
Forward-thinking CEOs know that an ounce of prevention is worth a pound of cure. Shoring up the enterprise’s cybersecurity and trying to stay one step ahead of hackers is a constant battle to be waged. Especially as you operate in the cloud, the consequences of ignoring the threat of a breach by cybercriminals can be catastrophic — from stolen data and lost intellectual property to fines levied against your company and consumer trust eroded in your brand.
Many organizations are already using some form of the cloud in their business, whether it’s a hybrid workload or full cloud adoption. Companies that use the cloud and those about to make the ascent must prepare to mitigate the likely inevitable data breaches. As you aim to mitigate risk in a threat-heavy cloud landscape, here are a few steps to enact to build up your defenses:
- Hold yourself accountable.
When organizations migrate to the cloud, many make the mistake of assuming that all of the security responsibility falls on the platform provider. Not true. The cloud is actually policed by a shared responsibility model: Each side is in charge of its own data security in the relationship. Learn what falls under your purview.
“Make no mistake: Your organization — not your platform provider — is in charge of data security,” says Brian Olearczyk, chief revenue officer of Salesforce security and governance provider RevCult. “Under the shared responsibility model, platform providers must ensure the security of application services, network services, and infrastructure services, but they’re not responsible for the development and configuration of applications you choose to run on their platforms.”
For example, he said, “Salesforce offers numerous built-in features that your team can use to help protect the data stored in your org, but if you’re used to receiving comprehensive IT and cybersecurity support from legacy solutions providers, you’ll need to hire experienced personnel or partner with a cloud security specialist to fill that void moving forward.”
- Regularly educate your employees.
Your team is dynamic and smart, but that doesn’t mean it understands cybersecurity. That’s why it’s imperative to hold training sessions on digital threats and cyber risks on a regular, permanent basis. It seems simple enough to those who work in IT or data management, but folks in human resources or production may not have the first clue about effective password management and email security.
Because the vast majority of breaches are internal in nature, your workforce is the first line of defense against unintentional data loss (and malicious attacks from the outside as well). Can they spot a phishing email or recognize ransomware? Do they know how to properly report a breach if and when they experience one? The only way to keep your team members focused on an element as important as cybersecurity is to teach, review, simulate, teach, review, simulate — and teach some more.
Beyond constant training opportunities for everyone, push to make cybersecurity a key focus of all employee onboarding, and create a detailed company policy that all workers agree to adhere to and abide by.
- Prepare a contingency plan.
Tornado drills, fire evacuation maps, active shooter exercises — all are necessary, just-in-case measures that plenty of businesses take to best prepare for an emergency. You can never be too prepared. To that end, does your company have a written, comprehensive communication plan when it comes to sharing a breach with your customers and employees? It should.
Hopefully, you’ll never have to use the plan you prepare. But you aren’t prepared without a plan, so make that a pressing priority. Borrow from other organizations if you like; resilient cybersecurity response isn’t proprietary information. Start by identifying the biggest vulnerabilities within your company — ones that could grind business to a halt if they occurred — and mapping out your extensive network. This takes time, yes, but all worthwhile endeavors do.
Once a clear chain of command is set for if a breach should happen, draft a communication policy that outlines exactly how internal conversations with team members and press releases to media outlets will be handled. Leave nothing to chance. If you don’t prepare as if a breach is inevitable, it’ll be much harder to respond when the inevitable occurs.
Written by Rhett Power.
Track Latest News Live on CEOWORLD magazine
and get news updates from the United States and around the world.
The views expressed are those of the author and are not necessarily those of the CEOWORLD magazine.
Follow CEOWORLD magazine
on Twitter and
Facebook. For media queries, please contact: