TECHNOLOGY & INNOVATION: CYBERSECURITY
A way to improve business continuity in digital transformation
Nowadays entrepreneurs face cyberthreats on a daily basis. You must take measures to defend your core business against these threats and invest sufficiently in security.
However, where do you start? The best way depends on the type of company you run. Some examples are:
- Large enterprises have a (non-executive) board which should monitor the cyberresilience of the organisation, as stated in the Dutch ‘corporate governance code’.
Fortunately we see that most large enterprises have invested in technology, processes and education of their staff. Yet they typically remain vulnerable through their connections with business partners.
In some cases they need to find an effective way to regularly update their measures to stay ahead of the newest threats.
- Medium-size enterprises have some measures in place but, in about 60% of the recently assessed cases, depend on a few staff members in their organisation to keep it a priority.
- Smaller organisations depend heavily on their technology suppliers. They need to know the right questions to ask their suppliers and what the ‘quick wins’ are.
- In specific branches / domains (e.g. defence, medical) specific cybersecurity standards have been developed.
- If you run international business, you have to be aware of laws that influence your
Since the start of the COVID-19 crisis we have seen a huge increase in the necessity to invest in cybersecurity.
- Did you know that since the start of the COVID-19 crisis the number of cyberattacks has grown five-fold?
- Did you know that as a result of working from home the dependency of your staff on your digital infrastructure has increased significantly? And that most of the cyber incidents (80%) are caused by (incautious) acts of a staff member or come from his or her account?
The human factor is the most critical aspect in keeping your business safe.
For all organisations ‘awareness’ should be a continuous process. As a result of the developments in this area it is a necessity to learn continuously.
Fortunately, you do not need to start from scratch. We have collectively gathered quite some experience over the last couple of years.
An example: “Phishing”-mails. We know that phishing mails can be identified by a combination of the following three characteristics:
- The originator is a person (CEO, “CEO-fraud”) or an organisation (tax office, bank) with authority
- The recipient is a staff member with authorisation, for example someone who is allowed to initiate a financial transaction or a software update.
- There is always psychological pressure, for example time pressure (“You need to take action quickly”, “The debt has to be paid before ….”).
How do you train your staff to recognise this type of threat? And, once a threat is identified, what is the best way forward?
Specifically for Industry 4.0 there are some additional tips & tricks. Production needs to be able to run uninterrupted. Your drawings and data need to be protected, both your own and your customers’. That is quite a challenge, knowing that in most production environments not all updates and upgrades are implemented automatically, even if they are available.
In Industry 4.0 environments, you are more dependent on your technology supplier. What questions can you ask and what can you do in the design of your network?
Cybersecurity is not the goal, but a way to be able to stay in business.