Cyber Sessions: No more hiding from cybersecurity

(Editor’s note: This is the first installment of a monthly guest column on the growing number of cyberthreats facing businesses of all sizes and what they can do about it.)

As the speed of business and the rate of technology adoption increases, so do the risks to businesses of all sizes, their clients and employees.

Yet many business leaders still have not taken desperately needed steps to protect against modern-day cyber risk.

Why is that? Because criminals mostly target only big companies based in major cities?

- Advertisement -

Right here in Rhode Island, our very own Narragansett Bay Commission reportedly paid a $250,000 ransom to end a cyberattack.

And the R.I. Public Transit Authority paid cybercriminals a reported $170,000 in ransom in a 2021 data breach that affected 22,000 Rhode Islanders.

A single data breach can cost a company millions of dollars in financial loss – not to mention the damage that a breach causes to a business’s reputation.

The reality is that every company that uses even a single computer to do business is at risk, including yours.

There was a reported 1,070% increase in ransomware attacks nationwide in 2021, when many enterprises moved to hybrid workplaces. And now, it takes 68% longer to respond to a security breach, when more than 50% of your workforce is remote.

Cybercrime is consistently listed as one of the major business risks keeping in-the-know CEOs and board members up at night.

Many more business leaders, however, don’t even know where to begin to protect themselves.

But in a day where directors and officers are facing civil and criminal lawsuits stemming from cyber incidents, you must ask yourselves: Do you know the current cyber risks your business faces?

How are you handling the responsibilities and due diligence necessary to manage cyber risk and the responsibilities that you have to your clients, shareholders, investors and employees?  Is your organization handling information security oversight and its budget appropriately and up to today’s standards?

Can you readily articulate the awareness of where your risks are, your plan to remediate those risks or when an incident has happened? Are you in a targeted industry, or having trouble getting cyber liability insurance?

If you don’t know the answers to some or all of these questions, then you may be flying blind to your current cybersecurity risks.

But take heart: Recognizing the cause of a problem is the first step to solving it.

As a seasoned leader in the cybersecurity, risk management, and information technology industries, I am partnering with Providence Business News to offer some guidance each month.

This column will seek to educate readers on key strategies to shape your business resilience, organizational risk and cybersecurity plans to bring your company in line with today’s needs.

These core strategies will help ensure that your organization is positioned to be prepared and resilient from these risks, even as our business environments rapidly change, and the threat landscape broadens.

The days of ignoring cyber risks are over. Leaders can no longer hide behind the cover of cybersecurity being “just a technology issue.”

In today’s world, turning a blind eye to this major business risk is viewed as negligence and this has been proven out time and time again.

Each month I’ll discuss critical topics that executive teams need to be considering.

We will talk about the most up-to-date cyber threats and how to evaluate what risks your business currently faces.

We will cover cybersecurity risk management strategies and how to assess your existing cyber capabilities to mitigate those risks.

Most importantly, we will cover cyber risk tolerance, and the desired business outcomes that executives should be discussing – and designing strategies around building a resilient business.

While cybersecurity is a very complex topic that lives in the crossroads of information technology, corporate risk, legal, compliance, human resources and more, we aim to help demystify these subjects, so you can build resilient organizations that can withstand the intense levels of cyber threats that we all face today.

Cybersecurity is a team sport. It requires everyone, at every level of the business to be involved, starting with the people at the top.

Next month: Why cybersecurity is not best when left only to the technologists!

(Jason Albuquerque is chief operating officer of Pawtucket-based Envision Technology Advisors LLC. You can reach him through www.envisionsuccess.net.)