The majority of European businesses understand they are at risk from a cyberattack and many even believe they could have been the victim of a breach without knowing. However, coupled with this, is a lack of confidence in their ability to protect themselves and a sense of inevitability and resignation to an attack, with many believing hackers will always outwit preventative software.
Insights from RSM
When it comes to cybersecurity, the lack of confidence from businesses is understandable because the reality today is that the threats are greater than protection - the hacker is always two steps ahead.
Not only are there more hackers, but we have seen a move towards syndicates where criminal organisations across the globe are joining forces - often working together via the dark web quite often geopolitically - making the threat stronger.
Doing nothing is not an option. The first step to protection is understanding that investing in security tools and technology will not necessarily prevent an attack, but with strong user education and awareness, it may help you to monitor, detect early, and quickly deal with a breach should one occur.
A strong incident management process will also be crucial to containment. The more equipped you are to contain a potential breach, the less you are you going to be impacted from it - whether that be reputationally or financially.
Controls to prevent, detect, contain and build reliance can be the difference between little impact and a public scandal with significant financial loss.
Effective incident management includes:
- Training users to identify a potential attack and knowing who to inform
- Have tools and technology in place to identify and prevent malware
- Have regular monitoring in place over systems and infrastructure
- Have a formal tested process for dealing with incidents, to contain the incident and resolve it as quickly as possible
If you want to keep pace with the developments in technology, you need to keep pace with the developments in cybersecurity - the two must go hand in hand.
The 64% who believe they have unknowingly been breached is a major concern given the implications and this indicates the psychological stronghold business leaders are under by cyber attackers.
We have seen instances where, via phishing, an attacker has dropped malware into the back of an email inbox and over time all email traffic to and from that email address was redirected to an email inbox abroad, and this went on for months without being detected. An investment in monitoring tools could have detected this but as with many of the clients we see, the damage had been done before they came to us for advice.
Cybersecurity needs to be a priority before the breach as well as during the breach, as mitigation work whilst the breach is occurring can make a huge difference on the potentially damaging effects. Prioritising cybersecurity after breach is, by definition, too late.
Gregor Strobl Sheila Pancholi
RSM Germany RSM UK