Cybersecurity: Hope for the Best but Prepare for the Worst – Part I

Wednesday, July 29th, 2015

By Imran Ahmad

Cassels Brock_FullLogo_blue_cmyk

Imran Ahmad 

This is the first article of a two part series dealing with what businesses can do in the face of growing cyber threats. Next month, we will cover how businesses should respond in the case of a successful cyber attack.

Increasingly, reports of cyber attacks on businesses have been making the headlines. The numbers speak for themselves:[1]

  • 5 out of 6 large companies were targeted by advanced attackers in 2014 (40% increase over the previous year);
  • 60% of all targeted attacks struck small and medium sized organizations; and
  • Total of 348 million identities exposed as a result of breaches (average number of identities exposed per breach was 1.1 million).

While these numbers are alarming and underscore the fact that cyber threats are increasingly sophisticated, frequent and cause real damage to businesses, the fact is that this trend is expected to continue and will likely amplify in the coming years.

In other words, it’s a question of “when” and not “if” your business will be the target of a cyber attack. However, precautionary steps can be taken to limit the potential damage (both monetary and reputational) associated with a successful cyber attack. Here are a few key things businesses can undertake to limit the chances of being a victim of a cyber attack.

  1. Know Where You Stand

In order to prepare adequately for potential cyber threats, map out your business’ networks and IT systems, including a clear understanding of what the key business functions are, as well as where the business’ critical data (i.e., the business’ “Crown Jewels”) resides and how they are protected. Consider encrypting all critical data and limit your employees’ network privileges to only those required for them carry out their duties.

  1. Build a Cyber Monitoring Team

Communication and coordination between different departments is critical to effectively counter cyber threats. Consider building a team consisting of knowledgeable managers and professionals (internal and external) who will meet regularly to asses threat levels, discuss how to address gaps and make recommendations to management on how to protect the business’ digital assets. The team should not be limited to or be the sole responsibility of your IT department – rather, the team should also include legal, business and c-suite executives. Care should be taken in putting together the team by ensuring that the right people are around the table and that the team’s mandate and deliverables are clear.

1 Imran Ahmad is a lawyer at the law firm Cassels Brock & Blackwell LLP and member of the firm’s Privacy Group. As part of his practice, Imran works with clients to develop and implement practical and informed strategies related to cyber threats and data breaches. Follow him @imranvpf See Symantec, 2015 Internet Security Threat Report, Volume 20, April 2015, available online at: <>.

◀ Back

Leave a Reply

Uh Oh! It looks like you haven't logged in!

To get full access to our exclusive membership benefits, be sure to log in! Learn about becoming a member today.

If you are already a member of PX, please contact us at to obtain your login information.

Sorry, there are no posts to display