[Reading time: 1 minute]
You protect your home against the most likely crime.
To reduce the risk of your home being burgled, you lock the doors and turn on your house alarm before you leave your home.
You know that if a highly-skilled and determined burglar wants to gain access to your home, these security measures may not be enough to stop them.
But you also know that most burglars are not highly-skilled and determined – They’re opportunists.
So, you focus your efforts on reducing the likelihood of an opportunist gaining access to your home.
You are focusing your efforts on managing and mitigating the most likely risk.
It’s an absolutely logical approach that you should also adopt for your firm’s cybersecurity defences.
Yes, the Russians, Iranians, Chinese or American state-sponsored agencies could probably get through whatever defences you put in place.
But you probably don’t need to think about these big guns.
You need to think about the opportunists.
Because if you are a victim of a cyber attack, it is likely to be an opportunist crime.
What are two most common elements of an opportunist cyber attack?
-
An email sent to a staff member
-
A staff member trusting that email
Therefore, you should answer two questions about your cybersecurity defences:
-
What steps have been taken to reduce the likelihood of a dodgy email getting to the inbox of a staff member?
-
What steps have been taken to reduce the likelihood that a staff member will trust a dodgy email that does get through?