CFO with Cyber Security Concerns
Cyber Security concerns? Having issues getting or renewing Cyber Security Insurance? Are you facing escalating Cyber Security Insurance Costs?
Here is what's happened, and how to address it.
Obviously the world has been dealing with hackers since the day the internet was invented. However, in 2017, when the NSA tool kits were released to the world, we all lost our innocence – conducting business has never been the same and the Cyber Security business officially became a critical element – a requirement – for every business to incorporate into their daily operations, their business and their IT processes.
https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/
Ransomware became a very real daily threat. Breaches and loss of data became a routine reality, and no company, regardless of size or capability, was immune. Headline reports flowed daily of yet another breach, the loss of massive amounts of personal data and soaring ransom (aka extortion) demands from hackers to decrypt users' and companies' data.
Countries and geographies all over the world began implementing personal data protection laws, ever increasing their requirements and the penalties associated with non-compliance and breaches: PIPEDA in Canada, GDPR in Europe and various states in the US, such as California with its CCPA. More sensitive data, such as data associated with children under COPPA and personal health data under HIPAA in the US and PHIPA in Canada, became even more tightly regulated, with even more stringent requirements and associated penalties.
Fast forward to COVID and the proliferation of mobile workforces – and the problem absolutely exploded. Companies began opening their networks and systems to remote staff so that some semblance of normal business activity could continue. More employees used their own computers and devices from home, or kids began using Mom or Dad’s work computer to play games. Companies already devastated by COVID lockdowns were now facing massive and serious cyber attacks – costing them even more time, effort, money and productivity.
Business owners and C-level executives are now facing unique challenges even acquiring cyber insurance. Underwriters are becoming more stringent with their requirements, and costs are soaring as their losses have mounted annually. Small business and mid-market IT departments are often understaffed and lack the budgets, resources and in-house experience to adequately tackle the problem.
Simply “moving to the cloud” is not enough. A pure IaaS solution will mostly just port your problems from your server room to the cloud. An end-to-end IT cyber security plan will be required moving forward to sustain and scale your business operations, as well as to secure cyber insurance policies and avoid hefty government non-compliance fines and penalties.
Managed devices, SD-WAN connections and VPN tunnels for remote users, endpoint security, backups, snapshots, firewalls, operating systems and stacks, disaster recovery strategies, logging and analytics and so much more must all go into your IT strategy moving forward in order to maintain compliance and operations, let alone avoid hefty fines and secure the cyber insurance businesses require to operate.
Firstly, you can never avoid all risk. You must, however, reduce the probability of an incident and reduce the impact of an incident. This must be an ongoing plan and strategy that is perpetually evolving and adapting. When disaster does strike, you must be able to recover in a timely manner and without being forced to pay ransom. If you are concerned about your capabilities to meet these objectives, you must start to build your roadmap towards this end goal. Whether you choose to reach out to Cartika for assistance or not (which I personally hope you do), this is the path you must take your business down, and these are the goals you must achieve.