88% of companies now consider cybersecurity a business risk. The time may come when the executives of a firm want to draw up their battle plans. They might have heard of a competitor who got affected and lost significant revenue. They might have seen or read a story in the news which raised an alarm, as so many stories around cyber attacks do these days. The time for action is now.

So how can a business get from a house built with straw and clay to a full-blown fortress with solid walls, watch towers and a strong roof? Below are some suggestions our team of consultants compiled to go from here to there.

STAYING IN COMPLIANCE: THE MOAT, THE DRAW BRIDGE AND THE FLAG.

Before we dive in, let’s step back for a moment. How do data breaches happen? What are the hacker’s strategies? What are the weaknesses they are looking for? Once we learn their tricks – we can better prepare and put the right security measures in place that will simultaneously protect our business while staying within budget and compliance. If done right – we can fight fire with fire.

1. Research: The  criminals looks for weaknesses within the network. These include:
   • Unsecured network.
   • Unsecured communication channels such as unencrypted emails.
   • Software that has not been updated to the latest version with the necessary patches.
   • Attempt to hack into user account through bugs within an applications.
   • Taking possession of credentials and passwords. The hacker can be aided in this by software that run through millions of the most popular credentials and tries them out on the system (think “12345” or “password).
2. Attack: The cyber criminal contacts the network or performs a social attack.
   • Network: take advantage of any or all of the weaknesses described above.
   • Social: tricking or baiting employee via email to giving out their password or opening a malicious attachment/link.
   • Prepare for extraction of data or control of the network: Once inside, The criminal plants a piece of malicious software or malware on the network.
3. Control of your Network: Once they gain access, the hackers are in your network planting malicious software and or malware.
4.  Exfiltration: The criminals now can track all your web traffic including sensitive information. They have the means to lock down any and all machines within your network including the server. Then they will demand a ransom – typically a financial payment of a significant proportion. This is a “Ransomware attack”. They can start deleting files if you do not that ransom within their demanded time frame. This is really bad news.

Now that we have gained insight into what cyber criminals are looking for and will do when attacking an organization, we can come up with a list of components a business must implement to build a castle that does not look appealing to pillagers.

1. Network security: Fully managed Firewall with anti-malware and anti-spyware that will include MDR or Managed Detection & Response. 
2. Internet security which is designed to monitor incoming internet traffic for malware as well as unwanted traffic. This protection may come in the form of firewalls, anti-malware, and anti-spyware.
3. Applications, data, and identities are moving to the cloud – traditional on premise security stack is simply not intelligent enough to counter the latest threats. Only Cloud Security can deliver maximum and the most up to date protection. It can help secure the usage of Software-as-a-Service applications and the public cloud.
4. Application security diminishes the likelihood criminals can gain access. It helps prevent is an added layer of security which involves evaluating the code of an app and identifying the vulnerabilities that may exist within the software. This coded into the software itself.

Also: Qualifying for cyber security insurance – Part 2: Going Down The Checklist