“I also encourage you to collaborate with each other. Share what you are seeing and experiencing. That’s such an effective way to mitigate some of these risks.”
– Jess Thomas, Assistant Director, National Office of Cyber Security (NOCS)
What businesses should do right now
Within businesses, Smale says, it’s best to boil cyber defence down to three core ingredients: people, processes and technology.
People: take a long, hard look at culture, Smale says. Poor culture isn’t just bad for retention and productivity, it also means people are less engaged in cybersecurity and less likely to flag issues. “Is it a culture of hiding bad news?” he asks. “Is it a very hierarchical organisation with a culture of not necessarily questioning requests from above?”
Processes: verification beats sophistication. Verify important and private information on a human-to-human basis or via a secure channel. Don’t trust email. Also, minimise the collection of sensitive data. “If it’s sensitive data you don’t need, don’t collect it and don’t store it,” he says.
Technology: Smale’s priority list is refreshingly basic. Enable multi-factor authentication. Turn on automatic updates. Implement reliable backups stored elsewhere. “Turning on multifactor authentication is one of the simplest ways to stop criminals,” Smale says. “Your password may slip, but your second factor won’t.”
Cyber risk reductions come from simple operational habits, backed up by attention and discipline. AI is accelerating the risk landscape, Smale and Thomas say, but businesses that keep pace will be ones that match modern tools with excellent people training and unglamorous, repeatable controls that make it far more difficult for cybercriminals to turn trust and routine into stolen data and money.
Click Here For The Original Source.
