It is common in risk management circles to hear people saying that the question is not ‘if’ you’ll suffer from a cyberattack, but rather ‘when’ the breach will happen.
But even this doesn’t go far enough, says Stefan Dydak, head of security consulting at Adnovum AG.
Instead, he told the audience at the Risk-!n conference in Zurich: “It’s not about when you get breached. You’ve already been breached, it’s just a question of whether you have detected it yet.”
Against this backdrop, he identified three key priorities that are critical to improving cyber resilience and identifying, managing, and bouncing back from attacks.
Cyber hygiene
His first choice of weapon in any firm’s armoury against hackers and cybercriminals is cyber hygiene. This sounds obvious, but Dydak says that it often falls by the wayside as companies over-rely on whizzy security software.
He shared a quote from Bruce Schneier, which sums up the problem: “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology,” adding that the longer that you’re in the industry, the more clear this becomes.
He…
