By André Sollner and Bob Hampe
Posted August 11, 2022
While it’s true that advances in cyber security can result in higher levels of data protection, these same advances also inspire ever more sophisticated attacks by hackers. 2022 has seen increasing reports of cyberattacks and higher amounts of payment demanded through ransomware attacks, and the healthcare and financial services sectors continue to be targeted at elevated rates.
If the current model of corporate cyber security persists, where it’s relegated to a single department with security standards unevenly applied across an organization, these attacks will continue—and increase in severity and collateral damage.
Total integration of cyber security across the company and policies that encompass its entire ecosystem are necessary for effective protection. Here are our recommendations to decrease your company’s likelihood of experiencing a cyberattack.
Evaluate Your Cyber Security Supply Chain Risks
As we say, the best defense against a cyberattack isn’t one that you deploy after an attack has begun—it’s the steps you take to prevent such an attack in the first place.
With the ubiquity of “smart” IoT-connected devices, organizations (especially those with large amounts of such equipment, like healthcare centers) are increasingly at risk of attack. However, these attacks are different from those in other sectors, and potentially more damaging: by breaking into a vulnerable part of the cyber supply chain, hackers can gain entry into a world of interconnected IoT devices—and put untold amounts of data at risk.
For that reason, it’s critical to evaluate your cyber security supply chain risks. Take an inventory of all devices and all device suppliers in your organization. Then, keep going. Take a look at their suppliers, and their supply chains.
One vulnerability along the line might seem small, but it can lead to a major breach. If such a breach ever happens along your cyber security supply chain, having a detailed understanding of key players’ technology—including those suppliers that are deemed higher risk because of their practices or scope—can help you quickly shut down any nefarious activity.
Revamp Your Corporate Cyber Security Policies
It’s not enough to encourage employees to change their passwords frequently, avoid logging on to public Wi-Fi with company-provided devices or refrain from allowing anyone else access to their work computer. Increasing and regularly testing their awareness and understanding of cyber security along the supply chain is equally vital.
That way, an organization can reduce the likelihood of employees clicking on suspicious links or attachments in an email that seemingly comes from a supplier and potentially causing a security breach. Starting from the C-suite on down, the company culture needs to be focused on understanding how IoT devices are interconnected, and how important it is to keep them secure.
Of course, the responsibility isn’t solely on individual employees to safeguard the integrity of your organization’s cyber security ecosystem. The ecosystem itself must be strong, and must be tested frequently for vulnerabilities. Internal teams can conduct these tests, or external organizations with expertise in penetration testing can manage the task.
Ultimately, these interconnected devices and the cyber security supply chains that support them aren’t going anywhere anytime soon. Learning how to avoid trouble before it arises is most of the battle—and well worth your organization’s time and energy.