Which information assets would you worry the most about if your organisation faced a cyber attack? Trying to secure everything isn’t the most effective defence strategy. But are you confident in knowing which aspects to prioritise when securing your organisation?
With limited resources and a cyber landscape where there seem to be infinite risks, you need a strategic approach to security. By identifying which information assets and revenue streams are critical, you can focus on what’s most important to your organisation. This way, you can ensure your most critical assets are secure, and your business remains operating, even in the case of an attack.
We’ve talked to Wouter Goudswaard, Eye Security’s CCO, to gain insights into the current threat landscape and why a proactive approach to cyber security is the future, including where to start when securing your organisation.
Watch the full conversation with Wouter Goudswaard: Video | Protect what could shut you down first: what to (cyber) secure in your organisation (dataguard.uk)
Get to know the risks for your organisation
You can't protect your organisation from something you aren’t aware of. That’s why the first step is to get to know the risks your company is facing.
Cyber attacks are more common than you think
The current cyber landscape demands a realistic approach to cyber attacks and incidents. Part of it is knowing about the rising probability of facing an attack and its impact on your organisation. “Last year, the risk was that one in five will have a cyber incident—small or big. One year later, we talk about 1 in 4. It’s not a question of if it occurs, it will occur. So, you need to take action,” says Wouter Goudswaard.
Cyber attacks are becoming an increasingly common threat, and their impact on organisations is rising as well. In the last year, the worldwide average cost of a data breach reached 4.45 million dollars. The healthcare sector is especially affected: it has the highest average cost of any industry, at nearly 11 million dollars.
Robust risk management helps identify your risks
Now that you’re aware of the threats posed by cyber attacks, it’s time to identify what risks you’re facing. This is the foundation for your efforts to secure your organisation’s critical assets from threats like cyber attacks. “It starts with understanding what the risk really is,” says Goudswaard.
This is where risk management comes into play. It involves identifying potential threats, assessing their impact, and implementing measures to mitigate them. Risk management is about understanding your vulnerabilities and taking proactive steps to protect your data and systems. By staying ahead of risks, you ensure your organisation remains secure and resilient against cyber attacks.
Why a passive security strategy is no longer enough
It’s clear that you need a solid strategy to navigate today’s cyber threats and secure your organisation. Still, not every strategy will be equally effective. A passive security strategy, like relying only on cyber insurance, is no longer enough to prepare you for tomorrow. But why is that?
The cyber landscape is changing rapidly
“If you look at the insurance world, there are many domains to insure and cyber was one of the latest ones,” states Wouter Goudswaard. “So everybody was excited and started to sell cyber insurance, not knowing how big the risk is.”
Cyber attacks are becoming more effective: cyber criminals can now target larger organisations while needing fewer resources of their own. More recent developments such as ransomware-as-a-service and phishing-as-a-service make it much easier to deploy attacks.
These business models involve hackers creating and selling ransomware and similar tools to affiliates, who then target victims independently. “The risk is evolving in such a rapid way,” concludes Goudswaard. All this indicates that a passive approach isn’t enough to secure your organisation.
The future lies in proactive measures
Wouter Goudswaard compares the need for active measures in cyber security with the evolution of fire fighting: “Nowadays, you have the taxing devices which detect fire. We have sprinkler systems. We immediately start to extinguish the fire. And essentially, we’ll have the same evolution coming with cyber.”
In the case of a cyber attack—as with a fire outbreak—effective measures need to be in place so that you can act on it immediately, minimising the impact on your organisation. Insurance can be a helpful add-on, but “You can only be passively insured when you have active measurements in place,” says Goudswaard.
What’s the role of NIS2 in securing critical assets?
Securing critical assets helps organisations prevent cyber attacks from disrupting operations and threatening data. And soon, this will be mandatory for some.
The NIS2 policy will oblige organisations operating within essential and important sectors in the EU to secure their assets. The essential and important sectors include healthcare, digital services and infrastructure, banking and finance, and the food industry. Medium-sized and large companies with at least 50 employees or an annual revenue of 10 million euros are affected.
The new policy aims to harmonise cyber security, especially within certain industries. This involves organisations whose service disruptions could do serious damage to society.
If NIS2 is not implemented correctly, CISOs and executive management can be held personally liable for the failure. Therefore, “We need to protect ourselves. We need to protect the people that work for us. We need to protect the customers we are working for,” says Wouter Goudswaard.
Know the weakest link in any security chain
It’s not always your systems that expose you to the biggest threats. The numbers speak for themselves: 82% of successful cyber attacks have started with a social engineering activity, often via email. Email therefore remains one of the most common vectors by which threats enter your organisation, and those attacks exploit the weakest link in any security chain: the human being.
That’s why you should focus on your employees, their behaviours, and their work patterns. Without this piece of security covered, significant investment in other areas may not have the intended effect. Awareness training and continuous phishing simulations are suitable measures to mitigate this human risk.
How DataGuard can help you manage risks effectively
Each organisation has its own risks. You need an experienced professional familiar with your industry to understand your organisational context. DataGuard can help you identify, manage and mitigate the risks unique to your company, securing your most critical assets first.
Be prepared to combat the latest cyber threats with a straightforward scenario-based approach to risk management. The industry-specific guidance provided by our security experts will help you focus your resources on what’s most important, leading to impactful and effective security efforts.
Frequently Asked Questions
What is meant by critical assets in cyber security?
Critical assets in cybersecurity refer to the important systems, data, and resources central to an organisation’s operations and security. These assets are necessary for the continuity and safety of business processes. Protecting critical assets is necessary to prevent disruptions, data breaches, and potential financial or reputational damage.
What are examples of critical assets in cybersecurity?
Sensitive information, such as intellectual property, is an example of a critical asset in cybersecurity. Core business functions, like supply chain operations, and key infrastructure, like servers and network systems, also fall into this category.
How do you identify critical assets?
Identifying critical assets begins with understanding your organisation’s risk landscape. Start by assessing which information assets and revenue streams are most important to your business continuity. This strategic approach helps prioritise what needs the most protection to keep your organisation operational during cyber threats.
How can you protect critical assets in your organisation?
To protect critical assets, implement a comprehensive risk management strategy. This involves identifying potential threats, assessing their impact, and taking proactive measures to mitigate them. Ensure you have robust security protocols, regular monitoring, and an incident response plan to maintain resilience against cyber attacks.
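The risk-management loop described earlier (identify threats, assess their impact, mitigate them) and the FAQ answers on identifying and protecting critical assets can be made concrete as a small asset-prioritisation exercise. The example below is an added illustration, not DataGuard’s or Eye Security’s method. The asset register, the 1-to-5 impact and likelihood scales, the revenue figures, the incident probabilities (one of which mirrors the “1 in 4” figure quoted earlier) and the risk-appetite threshold are all constructed assumptions; the residual-risk step shows how a control such as phishing simulation, which lowers likelihood rather than impact, changes the ranking.

```python
"""Prioritise critical assets with a simple risk register.

Added worked example with constructed data; scales and thresholds are assumptions.
"""
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Asset:
    name: str
    impact: int                          # 1 (negligible) .. 5 (could shut the business down)
    likelihood: int                      # 1 (rare) .. 5 (expected this year)
    revenue_per_day: float               # constructed: revenue that stops while the asset is down
    expected_days_down: float            # constructed: typical outage length for one incident
    annual_incident_probability: float   # constructed: e.g. 0.25 mirrors "1 in 4"
    controls: List[str] = field(default_factory=list)


# Constructed register for a fictional healthcare provider.
REGISTER = [
    Asset("Patient records database", 5, 4, 40_000, 7, 0.25, ["backups"]),
    Asset("Payment gateway", 5, 3, 120_000, 2, 0.15, ["MFA"]),
    Asset("Public marketing website", 2, 4, 2_000, 1, 0.40, []),
    Asset("Staff email (phishing entry point)", 4, 5, 15_000, 3, 0.50, []),
]

RISK_APPETITE = 12  # assumed: scores above this need treatment before anything else


def risk_score(asset: Asset) -> int:
    """Qualitative score from the impact x likelihood matrix."""
    return asset.impact * asset.likelihood


def annual_loss_expectancy(asset: Asset) -> float:
    """Quantitative view: single-loss expectancy times annual probability."""
    single_loss = asset.revenue_per_day * asset.expected_days_down
    return round(single_loss * asset.annual_incident_probability, 2)


def residual_risk(asset: Asset, likelihood_reduction: int) -> int:
    """Score after a control lowers likelihood by N levels (never below 1).

    Impact is left unchanged: awareness training makes a phishing incident
    less likely, it does not make a successful one less damaging.
    """
    new_likelihood = max(1, asset.likelihood - likelihood_reduction)
    return asset.impact * new_likelihood


def prioritise(assets: List[Asset], appetite: int = RISK_APPETITE) -> List[Tuple[str, int, float, bool]]:
    """Rank assets by matrix score, then by expected annual loss.

    Returns (name, score, ALE, needs_treatment) tuples, highest risk first.
    """
    ranked = sorted(
        assets,
        key=lambda a: (risk_score(a), annual_loss_expectancy(a)),
        reverse=True,
    )
    return [
        (a.name, risk_score(a), annual_loss_expectancy(a), risk_score(a) > appetite)
        for a in ranked
    ]


if __name__ == "__main__":
    for name, score, ale, treat in prioritise(REGISTER):
        flag = "TREAT FIRST" if treat else "within appetite"
        print(f"{name:40} score={score:2d} ALE={ale:>10,.0f}  {flag}")
    email = REGISTER[3]
    print(f"\nStaff email after phishing simulations (likelihood -2): "
          f"score {risk_score(email)} -> {residual_risk(email, 2)}")
```

Ranking by the qualitative score first and the monetary estimate second keeps the list readable for management while still separating assets that share a score; a treatment that only changes likelihood (the phishing-simulation case) can bring an asset back within appetite without touching the far more expensive work of reducing impact.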