The importance of cyber resilience for all organizations
The Hong Kong Police Force reported 34,112 technology crime cases in 2023, leading to an estimated loss of nearly HK$5.5B. The real losses could be larger, as corporations might have been advised not to pay ransoms. According to market data, a hacked system would cost approximately HK$1 million on recovery alone.
Corporations that fail to protect themselves from cybersecurity threats will end up paying either the ransom or the recovery costs, and in both cases the business loses money as well as goodwill.
In fact, these losses could be minimized, and up to 80% of cyber-attacks can be prevented, simply by implementing the following controls:
- Maintaining an inventory of authorized and unauthorized devices
- Maintaining an inventory of authorized and unauthorized software
- Developing and managing secure configurations for all devices
- Conducting continuous (automated) vulnerability assessment and remediation
- Actively managing and controlling the use of administrative privileges
With the growing number of cybersecurity incidents in HK, organizations should keep an Incident Response Plan/Playbook on hand, and either subscribe to an Incident Response Retainer Service or leverage Cyber Insurance as a risk mitigation measure.
Organizations could also follow best-practice security guidelines and perform regular risk assessments of their environment to identify gaps, then plan remediation measures such as additional protection for critical applications or a secure cloud environment built through a landing zone approach.
- Assume that “a compromise, breach, or incident will occur, and likely already has.” This mindset keeps organizations alert and prompts them to take proper precautions before it’s too late.