Cybersecurity 101: Taking a Risk-based Approach
Technology | Connections Editor | Oct 21 2021
October is National Cybersecurity Month in the U.S. and we’re celebrating by sharing a recap of the popular Applied Net 2021 session, “Big Cybersecurity Breaches: What It Means For The Future Of Cybersecurity For You And Your Clients.” Many cyber threats affect businesses on a day-to-day basis. As part of this session, Rigid Bits presenters Ryan Smith and John Host discussed how businesses can protect themselves from cybercriminals.
Smith encouraged both large and small agencies and brokerages to have frameworks in place to not only avoid a cyberattack, but also to respond to one should it ever occur. “There is never a way to 100% reduce risk,” Smith said.
In 2017, we shared that 20% of large businesses that suffered a cyberattack did not put additional protections in place after the incident. “We need to find a balance between convenience and security. In business, we have to accept some risks. The idea that you can fully reduce risk is not feasible — that is more of a fear-based approach to cybersecurity — we need to make educated decisions,” Smith said.
“The idea that you can fully reduce risk is not feasible — that is more of a fear-based approach to cybersecurity — we need to make educated decisions.”
Host then proceeded to speak on the difference between a risk-based approach and a secure-based approach. He outlined that taking a risk-based approach is smarter when dealing with cybersecurity because it considers both the likelihood and impact of the situation. Host highlighted that a secure-based approach contains optimism bias, giving the individual unrealized risk that can lead to improper decision making.
All in all, it is critical that agencies and brokerages begin to build a security culture for their employees. As cybersecurity awareness grows, Smith and Host encourage taking a risk-based approach in order to take proactive steps to enhance cybersecurity. “We are seeing a lot of common threads. A lot of attacks could have been avoided, and as long as businesses continue to not take cybersecurity seriously we will continue to see these kinds of attacks populating the news,” said Smith.
To watch a replay of this session, click here. For more content from Connections on cybersecurity, check out this link.
Tags: Technology , Applied Net , Cybersecurity , Security , Tips