Cyber threats pose a challenge for organizations of all sizes and industries, and ransomware and business email compromise are two of the most common threats today. Ransomware is an obvious threat to an organization because productive activity stops during an attack and the ransom payments can be costly. Business email compromise can come in the form of credential harvesting, phishing, impersonation or wire fraud. With abundant threats out there, managed detection and response (MDR) firms are becoming a security staple for organizations looking to defend themselves against cybercrime.
Dustin Hutchison, Vice President of Services and Chief Information Security Officer, talks about the challenges organizations are facing and what you can do to combat today’s cyber threats in the Security Ledger Podcast with host Paul Roberts. Dustin discusses:
- The true cost of a breach. Organizations want to know the price tag for cybersecurity services, but they need to contrast that amount with the total cost of a breach.
“It’s more than just the ransomware payment,” says Dustin. “It’s the cost of an incident response (IR) firm. It’s the cost of outside legal counsel. It’s the cost of downtime and lost revenue, the opportunity cost of internal resources, the potential downstream cost of cyber insurance increases and then the reputation damage.” Dustin offers the statistical costs for a cyber breach and reminds organizations that having one incident doesn’t mean that a subsequent attack won’t happen.
- Best practices to adopt. At a minimum, organizations should have best practices in place. Such practices include taking an asset inventory to know what’s under the organization’s control and where the data lives, using user IDs and strong passwords, implementing multifactor authentication and understanding the threat profile of third-party vendors.
- How to work with an IR provider. An organization should be engaged with an IR provider before an attack happens, and Dustin describes a few ways that can occur. The organization can enter into a retainer agreement with a cybersecurity firm or take a more proactive approach by integrating the cybersecurity firm into the existing IR plan. If the organization doesn’t already have an IR plan, the firm can help develop a plan and work on simulations to ensure that the organization knows what to do in the event of an attack.
- How organizations know they’re ready for MDR. Across industries, organizations are looking to MDR from a cybersecurity firm to solve their challenges. There are proactive ways an organization can self-screen to know whether it’s a good candidate for MDR. Does the organization need greater visibility into its network? Is it lacking a safety net of experts to monitor the network 24/7? Does the in-house team know what to do next if it experiences a cyber threat? Dustin helps organizations understand when to ask for help from a third party in his podcast.
Cyber threats pose a challenge for all organizations. Learn the actions you can take to defend against cybercrime in the podcast.