In cyberspace, there are continuously new techniques used to compromise organizations. These commissions include cyberattacks, espionage and data manipulation. Organizations ought to arm themselves against these new threats. According to a recent survey conducted by “La Presse” in 2021, nearly a quarter of Canadian organizations were victimized by a cyberattack. During Covid-19, The healthcare sector saw a rise in the number of cyberattacks due to their high vulnerabilities. Similarly, the Ukraine war has increased the risk for SMBs as more attacks are released into the wild. Here are some points to ponder when rethinking your strategies.
What are the essential services?
It is essential to determine which services the organizations offer when thinking of cybersecurity strategies. We can ask ourselves the crucial question: “which essential services could be impacted during a cyberattack?” These essential services are the ones the organizations cannot function without them. Now that the essential services are determined, one must draw up the associated risk that could arise from a cybersecurity perspective. Finding potential attack scenarios and responses to this possible attack could help the organization be more resilient when facing cyberattacks. It is crucial to think about the risk and train your team to face this risk and put them to the test.
How to choose the technology to adopt?
One must choose an appropriate technology rationally, not emotionally. Users can prefer certain technologies but are these technologies chosen based on the cybersecurity strategies? In this case, it is important to compare various technologies to find the right one that fits your criteria. Think to diverse your technologies. For example, if all your servers are running under Windows, having some parts working in Linux could be beneficial. Threat actors will target a technology, so there are ways to save some technologies if there is a divide. Partial damage hurts less than a total loss of data.
Must we be selective of our subcontractors?
As much as subcontractors can impact the organization’s reputation in terms of public image, things are more complex at the cybersecurity level. What if the target was you? Subcontractors can have lower cybersecurity than yours and thus be attacked, which puts your organization at risk. Therefore, it is necessary to audit your subcontractors before working with them to avoid unnecessary risk. To learn more on that, read our previous article by clicking here.