There are several aspects to consider in order to be prepared. First, cyber defense requires that you know your partners, especially if they handle your organization's information. For example, you need to make sure that access control is clearly in place in a cloud-based file sharing system. You also need to make sure that ransomware or other uninvited guests are prevented from entering your network through partners.
Second, people. Employee awareness plays a key role in protecting yourself. Employees need to be informed and instructed on how to act in the event of cyber incidents. The information security unit must have its own emergency number for crisis situations, that is a hotline personnel can contact to report their concerns. No matter how slight the suspicion, it must be reported immediately because the cost of days or weeks of delay can be very high. It should be mentioned that even in organizations where information security training takes place regularly, around 10 percent of employees still forget themselves and click where they should not.
Third, processes. There must be guidelines for critical situations on who exactly needs to do what. For example, in a power plant, there must be a very comprehensive manual on which button to press at what time, otherwise everything will blow up. Processes and guidelines are meant for managing the incident within the organization and coordinating with external partners when necessary. So that every link in the information security chain knows what it has to do. From the point of view of an employee, it is enough for him/her to know the person whom to contact in the event of an incident. The rest is the responsibility of the Chief Information Officer who decides when and through which channels he/she informs the management, authorities, etc.
Fourth, technology. It is an important part of the preparation and must be capable of gathering information about the incident and contributing to the quick resolution of the situation. It goes without saying that technology must not be the organization's Achilles heel that facilitates attacks. Businesses typically replace laptops and other office equipment every 3-5 years. All information security solutions should also be reviewed with a fresh eye at the same interval because their life cycles are different and some of them may be hopelessly outdated.
In addition to the loss or manipulation of data, an attack can lead to reputational damage, the consequences of which the company will have to deal with for some time.
However, in the event of an incident, you must be ready for well thought out communication both within the organization and with your customers and other external target groups.
Head of Cyber Security
+372 521 4332
The line blurring between work and spare time, and the widespread use of remote work mean that peo..
It is a volatile time for economy, which always leads to businesses being purchased and sold. For ..
Mihkel Kukk, Head of Cyber Security Services at KPMG, notes that, although great importance is att..
"Not dealing with information security should not be seen as an IT risk, but rather as a strategic..
Mihkel Kukk, Head of Cyber Security Services at KPMG, says that artificial intelligence cannot rep..
Provide a safe and sustainable business environment for your company. We help build a resilient and reliable digital landscape, even in the face of changing threats.
HR assessment focuses on mapping the skills and increasing the competencies of the weakest link in cyber security: the users, the employees.
Threat assessment is a tactical and technical service that allows a company to get a quick overview of external threats.
Maturity assessment helps plan IT investments and design further steps to mitigate vulnerabilities and ensure better security.