Risk = Likelihood x Impact. Which type should you focus on first?
When thinking about how to reduce the RISK of a cyber-attack, it's useful to think about security measures that will reduce the LIKELIHOOD of an attack and those that will reduce the IMPACT.
Cyber 3-2-1: Don’t worry about zero-days. Don’t worry about passwords. Don’t worry about your code (if you’re a software company). This week’s action: Do you share the concerns of 48% of Board-level cyber experts?
Cyber 3-2-1: This month and last month, Ireland’s police, government and national cybersecurity agency have warned SMEs about the ever-increasing threat of cyber attacks. And yet executives and boards will continue to deliberately ignore this risk until their valuables have been stolen. This week’s action: You are choosing your own adventure. Make sure you are comfortable with your choice.
Cyber 3-2-1: It’s not as simple as “Windows 7 = bad / Windows 10 = good”, or “Password = bad / Passwordless = good”. But it certainly is as simple as “2FA = Good”. This week’s action: Test your backups.
Cyber 3-2-1: Plain English cybersecurity advice in 3 articles, 2 statistics and 1 action, including why professional services firms are now ransomware’s #1 target, another survey confirming that remote working is here to stay, and why good is better than perfect when designing security controls. This week’s action: Remote Desktop Protocol (RDP): Search for it in your firm, and remove or protect it.
When people talk about 'risk', they usually think about 'likelihood'. But risk is not just about likelihood. It's also about impact. And when we think about impact, we start to pay attention.