In my last blog, I introduced the cyber security journey — ‘Denial’, ‘Worry’, ‘False Confidence’, ‘Hard Lessons’ and ‘True Leadership’.
These are the five stages that organisations need to navigate, in order to achieve effective security in a truly dangerous threat landscape. But here’s the catch — your organisation could already be at any stage of this journey.
To help you identify your current position (and figure out how to move forward), I’ll go through each stage, in detail. So, without further ado, let’s dig into stage one — ‘Denial’.
This stage is fairly self-explanatory. If you’re in denial about cyber security, then you believe that either your organisation isn’t a target, or that an attack is inevitable and therefore you may as well do nothing.
Sorry, but on both counts, you’d be wrong.
Through our research we found that many small-to-medium enterprises believe that they’re too insignificant to be a target. That couldn’t be further from the truth. The reality is that every organisation, no matter its size, will face multiple, low-level attacks — every day.
And here’s the thing — these attacks don’t need to be sophisticated to be successful. The WannaCry attack hit over 200,000 systems, only because people hadn’t updated their operating systems.
Doing nothing is not an option. Yes, it’s impossible to create a system that’s completely and utterly impenetrable. But there are many paths for you to take that can drastically reduce the chance of an attack, and, importantly, mitigate the damage if or when an attack takes place.
Where do you start? With the basics. As I mentioned, a simple update would’ve stopped WannaCry — so a good place to start is to make sure your systems are up-to-date with all the latest patches.
Then make sure your people understand the seriousness of cyber security. This means everyone, not just the people making decisions. Every single one of your people needs to know what a phishing email or risky link looks like, so that they don’t inadvertently allow the criminals into your system.
‘Denial’ is possibly the easiest stage to move on from. You just need to accept that you’re at risk — and focus on cyber security essentials. Once that’s done, you’ll move onto the next stage: ‘Worry’. And that might not be so easy to get through.
Stay tuned for my next blog, to find out why.