Norm presents The Forgotten Middle Brochure
Contents
Which cyber risks do I need to protect my organisation from?
  Zero Day Attacks
  Ransomware
  Supply Chain Attacks
  Phishing
  Cloud Security Attacks
The five steps to effective cyber risk management
  Know your cyber risk baseline
  Basic hygiene and maintenance
  User awareness and training
  Selective investment in advanced technologies
  Be ready to respond
Formalising your cyber risk strategy
Conclusion
The cyber threat landscape continues to evolve, presenting
organisations with a growing number of attacks to defend
against. High-profile attacks like SolarWinds and the recent
Microsoft Exchange Server hack only serve to remind us that cyber
criminals, hackers (typically of the black hat or hacktivist
variety) and state or nation-sponsored threat actors
are continually striving to find new, innovative ways to
compromise our data and systems.
While large corporates tend to have vast cyber security
resources at their disposal, the same is often not
the case for small and midsize organisations. These
companies are likely to run a leaner and in many ways
more agile technology operation, and it is usually more
tightly aligned to the products and services they deliver
to customers and other stakeholders – i.e. revenue
generating activities. What this means is that they are
less able to invest in cyber security measures and the
specialists required to manage them, and in some cases,
they don’t have the inclination to do it either.
Yet the threat to midsize organisations remains very real. In fact, it is often
greater than that faced by their larger counterparts. Why? Because cyber
criminals know that the digital assets and systems of midsize companies
are potentially just as lucrative as those of multi-national enterprises,
but are unlikely to be as well protected.
All of which leaves the Board and senior executives of midsize
organisations with a tough choice to make. Invest heavily in the
technologies, processes and people required to create a
comprehensive cyber security defence, or devote those resources
to the growth initiatives that are vital to competing in today’s heavily
digitalised and crowded marketplaces.
It’s an almost impossible decision, and one which sometimes means
that despite cyber security risks repeatedly being cited as a top concern
for senior leadership teams within midsize companies, it is not an area
for which they feel they can justify extra spend. Until a cyber security or
personal data breach occurs, at which point much of the damage has
already been done.