Cyber Guardians
In terms of technology, we are truly privileged to live in this new cyber world we’ve designed. We’re now at a point where we don’t ever have to leave our homes, with no effect on our quality of life. From asking Alexa to turn off the lights to tapping our smartphones to get the latest news or have food delivered from a favorite restaurant, we can’t deny that life is good thanks to the conveniences technology has brought.
But unfortunately, trouble often closely follows good times. And in this case, trouble is in the form of cybercriminals.
As technology continues to advance, so do the opportunities for cybercriminals. They’re on the prowl for financial assets, for personal data they can sell for a hefty price per record, and for files they can hold for ransom. The rise of internet-connected devices, paired with our increasing dependency on them, further drives criminal activities. Cybercriminals are quite innovative themselves as they continue to exploit new vulnerabilities in software code, steal user credentials with keylogger malware, and craft phishing emails that are nearly impossible to detect as fraudulent.
Due to the continued innovation of cybercriminals, the cybercrime economy is thriving. And it’s immune to the threats a regular economy faces, such as a recession. Although financial incentives drive some cybercriminals, others are motivated by different factors, such as a cause (hacktivism), political objectives, or even a hobby. Politically motivated activity occurs both domestically and globally, specifically in the forms of cyber warfare and cyber espionage between countries.
What can you do as a leader with the new role of cyber guardian? It can feel quite daunting to step into this responsibility when you consider the magnitude of your organization’s technology assets, data and possible threats. Follow these two steps to start.
1. Perform an information risk assessment
This is the most critical tool in your cybersecurity toolbox, providing a roadmap for logically addressing your assets and threats.
- Identify all your assets — computers, laptops, mobile devices, networked printers and copiers, Wi-Fi routers, etc. You can’t protect what you don’t know you have.
- Identify the threats these assets face, and how you are vulnerable.
- Consider what you can do to eliminate these risks or reduce them to a level you are comfortable with.
All technology has risks and rewards. The key to a risk assessment is to identify those risks and reduce them to an acceptable level so you can reap the rewards of this innovative technology.
2. Implement controls to reduce identified technology risks
For example, malware infection from a phishing email is a significant threat. Your organization can take a variety of steps to mitigate this risk, including:
- Installing malware protection software on all systems
- Performing threat scanning on your mail server
- Limiting privilege in user accounts
- Providing frequent end-user education
Another common threat is an outsider exploiting a vulnerability to access your network. Common controls to reduce that risk include:
- Implementing a patch management program that ensures all systems receive the most current patches and updates
- Conducting frequent vulnerability scans to detect these holes and ensure timely remediation
As these examples show, it takes multiple controls to mitigate a single risk. This is important to note. There is no silver bullet for creating and maintaining an appropriate cybersecurity environment. Controls can — and will — fail at any time, so you should have multiple controls in place to reduce the dependency on any one control. A risk assessment will highlight the need for layered controls.
A risk assessment should not be viewed as a single exercise. Perform risk assessments regularly on existing technology and any time you consider new technology. Once you become an experienced risk assessor, this should become a natural way of thinking.
Technology and innovation are here to stay and will continue to improve our lives. Don’t be discouraged from embracing new technology simply because of the unknown. Use a risk assessment when faced with the decision to implement something new. Innovation can drive your organization forward and help you accomplish your mission.
Lisa Traina is President of Traina & Associates, a CapinCrouse company. Lisa uses her more than 30 years of experience to assist organizations in implementing measures to secure data and manage risks efficiently and effectively. She is a nationally recognized speaker and author. Learn more at capincrouse.com/cybersecurity.
Attend The Outcomes Conference 2019, April 16-18 in Dallas, where Lisa Traina will lead a full-day intensive seminar entitled “Information Security Programs and Risk Assessments.”