The European Union Agency for Cybersecurity (ENISA) reported in October 2021 that the COVID-19 pandemic had an expected impact on the cybersecurity landscape. “Cybersecurity threats related to the pandemic and exploiting the ‘new normal’ are becoming mainstream”, warned the report.

As the world of business became increasingly digital, opportunities for cybercriminals only grew. The global shift to digital practise resulted in the migration of traditional infrastructures to online and cloud-based solutions, and as a result, the cybersecurity landscape grew “in terms of sophistication of attacks, their complexity and their impact,” continued ENISA.

Leigh Heritage, Volaris Group’s director of data security, works with executives across the Volaris portfolio to manage threats and improve cyber-resilience. Heritage and his team help businesses understand the threats they face and how to proactively manage the risks of data loss or breach through 24/7 managed services, coaching, training, and threat intelligence.

Cyber-Security Starts Pre-Acquisition with Volaris Net Europe

Volaris Net Europe, as an active acquirer, understands how difficult it can be for smaller businesses to resource cyber security.

Heritage and his team consider dozens of data points at businesses Volaris are considering acquiring, to understand their regulatory compliance requirements, inherent risks, and current posture in order to know what is needed to bring them up to Volaris’ minimum security standard.

Volaris assists with the implementation of a standard set of security technologies and can aid with tasks like code vulnerability scanning and security auditing. It’s a practical approach that allows executives to focus on actions that will have the most impact.

“It is absolutely critical that we help companies be great stewards of their customers’ data. It’s the right thing to do, but also it is important to maintaining brand reputation and credibility in their markets. No one wants to be in the news for a ransomware attack,” said Heritage.

Approaching Data Security as an Executive

Heritage advises executives to focus on moves that can have the most immediate impact. Taking a pragmatic approach, Heritage and his team get businesses set up with the processes, programs, and tools that are going to have the most impact for your business.

With the increasing sophistication of cyberattacks, it is also crucial to understand the specific threats to your industry. Industries identified as most likely to receive attacks in the ENISA report included public administration/government, digital service providers, and healthcare/medical. These industries would benefit from taking a more rigorous approach than those that face fewer threats. This begins with understanding your industry’s specific threats, how sophisticated they are, and where they are most likely to originate. You can then use this information to develop an effective strategy.

However, you cannot protect what you cannot find. Understanding where your data resides is critical to defending it against cyber-attacks. What systems hold your most sensitive information? What kinds of data do you have? According to Varonis, on average, only 5% of companies’ folders are properly protected. Begin by mapping your systems, business processes, and data sensitivity to get a complete picture of what needs to be protected and how to do so most effectively.

Finally, leaders should recognise that sometimes the weakest link can be human error. Across 2020 and 2021, ENISA observed a spike in non-malicious incidents as the pandemic became a multiplier for human errors and system misconfigurations. In fact, a report by Cybint found that 95% of cyber security breaches were caused by human error. With increasing remote work and new hybrid strategies, it becomes increasingly difficult to protect your employees in the same way as pre-pandemic times.

Your overall security posture can be greatly improved by taking care of the little things, such as phishing literacy training, stronger password requirements, and approval procedures for SaaS applications. Remember the importance of security awareness, intelligence, and training in preserving a culture of security within your company.