Key Steps in Risk Mitigation

Gregg Sommer, Head of Operational Risk Assessments at Mercer, outlines three key areas for protecting your organization against cyber attacks.

As with so many other risks, when it comes to cybersecurity we believe that the best defense is a good offense. We asked our experts what they look for in a robust cybersecurity mitigation program. They gave us three checkpoints that you can start assessing at your organization now. 

1. Governance and policies

“That’s where it all starts,” Gregg says. “Everybody focuses on the technology which is very important, but you have to assess your risks, the context of your organization, and have a culture of protection and understanding the risks.”

“It’s no different than a compliance culture or an investment culture—this is a serious risk and we must take it seriously.”

2. Employee training

Organizations are often not transparent about cybersecurity initiatives—but employees left in the dark can’t be expected to take the necessary precautions. “Employees can easily negate very sound networks and technologies that are put in place,” Gregg warns. A little bit of security savvy can go a long way in protecting your overall architecture.  

3. Network security

Gregg advises looking at security from three perspectives: hardware, application, and confidential data. If you fail to assess risk in any of these areas, you’re exposing yourself to vulnerabilities that may come back to bite you (and your clients and shareholders).

“Those are the three buckets and they all have to be implemented on a simultaneous basis,” Gregg stresses. Only a continuous and comprehensive program will give your organization the 360-degree cyber defense it needs.
