Unmasking The Greatest Risk of Cybersecurity: Making Assumptions

Cybersecurity is an essential part of every single business online. 

It was, quite frankly, an assumption. I would use the same password for my own convenience and exit my browser after finishing my day, thinking I was secure. Yet, dark actors access sign-in pages and steal credentials as long as a computer is running. That was the assumptions I made before I knew anything about cybersecurity.

Assumptions have triggered an unprecedented rise in cyber-attacks. In 2023, password-based attacks increased more than tenfold. This, according to the Microsoft Digital Defense Report 2023, equates to “around 3 billion per month to over 30 billion with an average of 4,000 password attacks per second targeting Microsoft cloud identities this year.” 

One big assumption about cybersecurity is you’re covered if you have an IT team, cybersecurity framework and new employee training. It’s comfortable to think that.

Being cyberfit, though, is a lifestyle choice. Like eating healthy food and exercising, it’s hard work, but the risks are even higher. Sixty percent of small companies go out of business six months of being hacked according to Cybercrime magazine. Cyber criminals aren’t just pickpockets. They want to steal your intellectual property and reputation.

The good news: you can overcome common assumptions by periodically exploring (I recommend quarterly) three cyber assessments, especially for financial service firms:

Assess Your Risk Profile

•  What is the current cyber risk profile of the organization?

• How does the organization's current cyber risk profile align with the acceptable boundaries of risk established by the board or leadership?

• Are the risk profiles developed by management in line with your company’s risk tolerance?

Monitor Your Exposure 

• What is our actual exposure to cyber risks?

• What needs to be true and what steps to be taken to reduce our exposure?  

• Are there any identified gaps in funding or resources that need to be addressed to achieve an acceptable level of risk?

Take Responsible Measures to Prevent Business Impact From Cyber Risk

• What specific quantifiable business impact do we know of cyber risks and data exposures have?

• What is the measurable business impact of known cyber risks and data exposures?

• What technologies do we have in place to automate the monitoring process?

Exploring these basic (Access Control, Business Function Segregation, Encryption, backups, incident response, and business continuity) will replace assumptions with knowledge, the currency of successful companies in the modern era. Speaking of knowledge, learn more about cybersecurity through this on-demand webinar called Unlocking the Future of Cybersecurity and AI. This insightful discussion features industry experts who are at the forefront of cybersecurity innovation.  Together, let’s make plans, not assumptions, to protect our digital assets and safeguard our organizations in an increasingly interconnected world.