Cryptolocker, for example, is a trojan horse that encrypts certain files on your computer and then offers to decrypt them if a payment is made by a certain deadline. Some never do, but others actually have a helpdesk to help you decrypt the files. Cybercriminals with a helpdesk, can you imagine!
So what can companies possibly do to defend themselves against cybercrime?
According to Georges Ataya, the first step towards cybersecurity is accepting the fact that there will always be attacks and data breaches and some will be successful. The best way to cope with this and defend your company or organization is by setting up a good cybersecurity flow. And the basis of a cybersecurity flow is defining all the elements involved.
Who are the threat sources?
- intelligence agencies
- criminal groups
- terrorist groups
- activist groups
- armed forces
What can you lose?
- availability
- intellectual property
- personal info on employees or customers
- contractual breach or legal issues
- financial loss
- reputation damage
Your cybersecurity flow
Being aware of this, already covers the first step in the cybersecurity flow:
- Identify
- Protect
- Detect
- Respond
- Recover
It’s well worth the effort and time building this cybersecurity flow. Think about possible breaches, possible targets and possible consequences, then document and plan everything. In case of a breach type A, who needs to do what, how will you be communicating, etc. Step number two seems like an obvious one but still many people are not aware of e.g. the risks that choosing a lousy password involves. Making your employees aware of cybersecurity and keeping them involved, might very well be as important as using the right security tools.
Read more in the Belgian Cybersecurity Guide (EN - NL - FR).