By Jeff Gragg, Managing Partner, Columbus Consulting

Cybersecurity issues and attacks continue to increase. Ransomware attacks increased by 71% between 2022 and 2023. The average cost a company pays to resolve a ransomware breach is now greater than $4 million. The FBI says that at least 60 countries harbor cybercriminals. For these reasons, this article explores several high-level areas of focus that companies should invest in to protect themselves from a cyber event.

Don’t Ignore It Until Your Company Is Impacted

Like many consulting organizations, Columbus Consulting (CCI) gets many calls from companies after a breach. The first question is normally “Where do we start?” Our advice is to be very proactive when managing cyber security policies, procedures, budgets, staff, and activities. Do all of this assuming that your organization will be breached at some point. The best thing that you can do is prepare before something happens. Most hackers prefer easy prey. This means that the more preparation and complexity your company creates, the lower the probability that cyber security breaches will impact you.

Today, the average investment in cyber security is 10% of the IT budget. This will differ by industry and type of company. Ensure that your company’s investment is adequate. Senior management should get regular updates regarding cyber security. They should stay involved, educated and extremely supportive. This is a basic principle; however, we see many companies that don’t adhere to it.

Ensure you have a dedicated Chief Information Security Officer (CISO) or someone in the organization who is primarily responsible for cyber security. He or she should also have adequate resources, staff and an outside network for assistance. Cyber security is much more complex than most people realize. There are many fronts, products and approaches to manage at a second-by-second level.

Educate and Continuously Train Employees

Approximately three-quarters of cyber attacks begin with an email. Almost 100% of organizations report email incidents. A large percentage of cyber security breaches also begin with some type of human error. Since just about every employee in a company has some type of email access, it is important to make certain that they are aware of up-to-date hacker practices in this space. Train all employees frequently. Regularly broadcast new information about things to look out for in email phishing campaigns. Most importantly, create a regular process to test staff to see if they will open potentially dangerous emails. If staff fail, then provide additional security training. All of this will need to be supported by outside tools and services that also scan emails for suspicious activity. This can be done by routing email through outside partner software. Companies that provide this service stay extremely up to date on the latest attack practices.

Create Policies and Procedures with an Action Plan for Employees and Be Proactive

If you don’t have a cyber security policy and procedures manual, create one. The manual will outline in sequence the steps to take if a breach occurs. It will also describe who in your organization is responsible for what. There should be cyber security insurance. One call will be to the insurance company to identify their requirements and next steps.

A common objective is to get cyber security certified. There are many different certifications and types of certification. A few examples are ISO 27001 and NIST. There are also many certifications for internal cyber security staff. We believe that investing in certifications can be beneficial.

Don’t Go It Alone 

Many outside organizations can provide additional cyber security information and assistance. Maintain relationships with some of these entities so that your company can get help identifying new suspicious activities. Several of them have websites that can be checked regularly for the latest hacking attack types and definitions. Maintain a relationship with the FBI and the NSA, both of which are great sources of information.

Adhere to a Multifaceted Methodology with Both Internal and External Support  

At CCI, we believe in multi-layered defenses with various protections at each layer. Seek to implement a methodology of your own that is complex enough to elude many of the threats that will certainly come your company’s way.

ABOUT COLUMBUS CONSULTING

Columbus Consulting delivers solutions that drive true value and has been transforming the retail, grocery and CPG industries for over two decades. We are a retail consulting company of industry experts. Our approach is simple: if you do it, we do it. We are more than consultants; we are experienced practitioners who have actually sat in our clients’ seats. We understand the challenges, know what questions to ask and deliver the right solutions. Columbus offers a unique, consumer-centric approach with an end-to-end perspective that bridges functional and organizational silos from strategy to execution. Our specialties include: unified commerce, merchandising & category management, planning & inventory management, sourcing & supply chain, data & analytics, accounting, finance & operations, people & organization and information technology. Let us know how we can help you. To learn more, visit COLUMBUSCONSULTING.COM.
