EDITOR’ S QUESTION

/////////////////////////////////////////////////////////////////////////////////////////////////////////

By Sachin Bhardwaj, Director – Marketing and Business Development, eHosting DataFort

Staying in a state of cybersecurity preparedness is crucial to any organisation that relies on data.

This is true for organisations of all sizes and this also cuts across the range of businesses from banking, healthcare, retail, transport, oil and gas, and education.

The Online Trust Alliance’ s( OTA) 2017 Cyber Incident & Breach Trends Report indicates that the number of cyberincidents doubled from around 82,000 in 2016 to nearly 160,000 in 2017.

What it also indicates is that 93 % of these occurrences could have been prevented. This brings to light the gravity of the situation where organisations must remain focused on their cybersecurity posture, processes and procedures.

The threats are growing in frequency and complexity. It is evident that, to curb the intensity of cyberattacks, companies must remain in a state of readiness to tackle targeted attacks. In such an event, it is important that they respond effectively to curtail data as well as economic losses. Some of the basic aspects that need to be considered to ensure that organisations are prepared in the event of cyberattacks include:

Allocate proper budgets

Security comes at a cost. Be it hardware, software, constant upgrades, qualified staff etc, each of these elements must be given their due importance and should be considered to ensure a robust security system.

Understand your risk profile

The risk profile outlines a company’ s known risks, policies and practices to guide how far you need to go and are willing to go to safeguard your assets and data. The most basic approach to understand your risk profile is to conduct an information gathering exercise and rely on internal resources.

A more professional alternative that produces more extensive insights is to hire a consultant or solution provider to conduct an external audit.

Prepare an incident response plan

In case of a cyberattack, organisations must have an incident response plan to tackle the issue at hand effectively. The basic goals would involve the creation of a team that has clearly defined roles and responsibilities. It would also be important to prepare basic rules and instructions in advance which must be followed to minimise damage.

And, in order for the information flow to reach out in a timely and organised manner, organisations must ensure that the right communication is shared at the most appropriate time across stakeholders including employees, supply chain, customers, etc to keep them abreast of the situation in hand as well as about the corrective measures underway.

Minimise downtime

Data is critical – it’ s the engine of any business activity – and its role and importance therefore must be placed at a high level.

Its safety and security should play an integral role in the overall management strategy. The objective of any IT team in the time of a cyberattack is to ensure that there is business continuity and the delivery of ongoing services.

However, there must also be a strong consideration by the CEO and directors on a legal platform to ensure that their shareholders are not at risk.

34 INTELLIGENTCIO www. intelligentcio. com