Cyberattacks are common enough that a new breach can quickly feel like old news. But for businesses that suffer such an incident, a cyber intrusion won't become old news for a very long time. The road to recovery is invariably a rocky one, and it gets harder the smaller your company is. Many small- and medium-sized businesses won't ever recover from a breach. So why aren't companies doing more to stop them?
If there's a rainstorm, do you take an umbrella outside? If there's ice on the sidewalk, do you watch your step? If there's a breach on the horizon, do you defend your enterprise? These are all questions to which the clear answer is "Yes." Yet many businesses aren't treating cybersecurity with the urgency it deserves. This is a big problem, since according to a recent Forrester study, "at least 60 percent of organizations will suffer a security breach" in 2015. That is not the kind of statistic businesses can afford to ignore, yet many do.
Perhaps the biggest problem surrounding organizations and cybersecurity is a lack of planning. After all, tools like email encryption can't be retroactively applied. If your business' email account gets attacked, no amount of email security after the fact will erase the reality that the breach happened. And that can have a lasting - and sometimes even irreversible - impact on customer loyalty. As the Forrester paper asserted, the lack of an incident response plan is one of the key reasons why breaches happen.
"Incident response is one of the most overlooked areas of information security," Forrester stated. "It is impossible to prevent every breach, and when they do occur, [security] pros find themselves inadequately prepared to respond."
But as a recent ZDNet article argued, a dearth of incident response plans may not be such a large factor in contributing to the scale of breaches. Instead, the ZDNet piece asserted that the big pain point for most organizations is the inability of IT staffers to "respond under stress" when a cyberattack occurs.
"IT folks are not first responders," cybersecurity professional Mike Murray told ZDNet. "First responders are trained for crisis and disaster, IT people are not."
So then what is the best solution for organizations? Get better response plans? Train IT workers to act like firefighters? If you haven't guessed already, in the realm of enterprise security, there is no one solution.
It's time for most organizations out there to reframe how they view cybersecurity. No, it is not something that's optional. Yes, it should cover every aspect of the business network. And yes, without the proper defenses in place, an attack will happen. But the scary prospect of getting breached is countered by the relative ease of defending your business. Here are some rules to follow in mounting a comprehensive network security policy:
Cybersecurity needs to become a bigger priority among enterprises of all types and sizes. But the move toward more proactive protection does not have to be a cumbersome one. By putting business-defending tools like multifactor authentication in place, an enterprise can move toward greater overall security.