Unveiling Vulnerabilities: Assessing the Risk of Cyber Attacks
What a name for a media website, The Hacker News, but they do give you some good information about cyber risk. What is your risk as a company or even a family office of having a cyber attack, a ransomware attack? It's math: it's the probability of occurrence times the damage. What are the chances you're going to get hacked, and how much are you going to lose if you get hacked? Multiply that up and you have your risk.
And they tell you why it matters: the purpose of this is to evaluate the risk associated with a vulnerability. So if you're a company, you want to make sure that you don't just have an IT person who's putting in firewalls and patches and that kind of thing. You want to have active monitoring of your network, whether you do it in-house, through your cyber insurance policy, or have an outside company do it. You want to have active monitoring.
Here's why: these hackers are using new techniques every single week. They come up with new techniques. So whatever preventions were used a month ago are not going to work today. And unless you have somebody who's constantly, every day, getting intel on the new techniques, you're going to be at risk. So make sure that you have active monitoring, putting in place detection of all the most recent hacking techniques, and that you don't allow your network to be infiltrated.
Because here's what they do: they get into your network, but you don't know it right away. They sit there and they watch your emails for weeks, sometimes months. And they find out the names of the people, the names of your clients, contract dates, account numbers. And then once they have built up a profile on your company, they start doing things like wire transfers, telling your customers to wire them money instead of you, and transferring contracts to other places. Because they've accumulated all this knowledge, they have everything they need. It's kind of like having the safe to your business left wide open. So make sure you catch that early, and you can do it very easily with active monitoring.
And also have a response plan in place. So if you had a ransomware hack tomorrow, what would you do? Who would you call? Who would take care of different things? Again, if you have a cyber insurance policy, they'll have a response team for you. But if you don't have that, make sure you have a list of people that are going to handle all the details including cash flow, payroll, and HR.