By considering five key areas, businesses can ensure they are well defended and prepared for cyber attacks, according to aerospace and defence firm BAE Systems.
1. Understand the cyber risk
“New technologies bring new opportunities, but they also introduce new risks,” said Neal Watkins, chief product officer at BAE Systems.
“As companies acquire and integrate other companies and technologies, we need to look at the new risks that brings,” he said in a video aimed at business managers.
This includes looking for potential risks introduced by third parties, contractors and changes in the supply chain.
Top of any company’s cyber security checklist should be ensuring that the cyber security strategy takes all changes in the operating environment into account.
“It is important to have a living, breathing cyber security strategy that you review and update on an ongoing basis to capture all of these new risks,” said Watkins.
2. Have the right security controls
Once vulnerabilities have been identified, BAE Systems said businesses need to be prepared to make big decisions if vulnerabilities are critical.
“We need to have the courage to make the right business risk decision to ensure that the business not only operates, but that the most critical assets are protected,” said Watkins.
“There needs to be the courage in making the difficult decisions on what systems and services are protected, and at what level, which could be crucial to retaining a customer or client,” he said.
4. Build a defensive culture with security-by-design
Security needs to be ingrained into the company culture, according to BAE Systems. Security by design, said Watkins, involves everybody making sure they are working securely, whatever their role in the company.
“It’s about everyone ensuring the tasks they complete are secure in terms of process and execution, whether they are writing code in an application, delivering a service or responding to a customer or handling their data,” he said.
According to BAE Systems, security analytics, threat intelligence and situational awareness can help in discovering where the vulnerabilities are.
5. Prepare a response
Finally, the security firm noted that no security is completely effective, and there is always a chance of a successful attack.
For this reason, having a plan in place to respond and repair is what makes the difference between a full-blown crisis and a problem that can be tackled.
“There needs to be a thorough, rehearsed and tested response plan known to clients and employees, across systems and processes,” said Watkins.
“In the event of an attack or crisis, people will be measured in terms of how they respond, and making sure you have a well-thought-through, rehearsed and tested response plan is going to be critical,” he said.
The way people respond to a cyber attack or incident, according to BAE Systems, will have a major effect on operational impact and loss of productivity, as well as customer confidence.