Think of it as the never-ending stress test. Cybersecurity has crept into the information-world like a million tapeworms burrowing and stealing into business data troves where they can wreak havoc and even demand ransom.

That means organizations, including all those handling vehicles in every facet of remarketing, should have plans and defenses in place — yesterday — and test them continuously.

Businesses and operation must update and bolster their cybersecurity strategies to stay secure for the long haul and ensure they remain productive and don’t lose money to cyber breaches, vandals, and ransom shakedowns, said Philip Geier, virtual chief information security officer for security platform provider, Pivotalogic. Geier gave a presentation, “Cybersecurity Made Simple,” on Aug.18 during the IARA Summer Roundtable in Nashville, Tennessee.

“You need to make sure you have a good security posture developed and the company can perform,” Geier said told the audience.

Geier’s firm is tracking the rising trend of threats and concerns related to cybersecurity. In its recent poll of 300 information technology leaders, the survey found some troubling realities:

• 81% of IT leaders rated vulnerabilities and unknown misconfigurations as the biggest security concern within their environments

• 76% say that their primary obstacle is the inability to hire security staff or lack of security experience and skills among the staff

• 70% say ransomware is their top concern

• 56% identify the inability to adequately manage risk and develop a risk management program

• 50% say their cybersecurity budget fails to meet the minimum figure they need to remain secure

Overall, cybersecurity is the number one concerns among CEOs as they see their companies and industry sectors suffer financial losses from attacks and hacks as massive increases in ransomware afflict the banking industry, Geier said. There has been a 24% increase in breaches compared to the previous year.

Among the leading consequences of a cyberattack or breach is it incurs a loss of trust among clients and customers in addition to the financial losses and compensation needed to remedy the fallout. The average cost of a data breach in 2021 was $9.05 million. 99% of organizations use at least one public or private cloud.

Further challenging the cybersecurity sector is a labor shortage of 3.5 million professionals, whose average base pay starts at $130,000.

Geier outlined four primary steps business and organizations can take to improve their security posture:

No. 1: Identify gaps and vulnerabilities with a security risk assessment. Check up on your overall security health. A risk assessment should span the administrative, physical facility, internal, and external functions of a business. Observe, document, and test all aspects of security, and interview employees as needed to complement the data and findings. A third party can help with such a comprehensive assessment.

No. 2: Measure and communicate your risks. IT people generally don’t communicate very well, Geier said. Leaders must instill consistent communication across the organization with IT. Set up a security score like the format for a FICO score.

No. 3: Build a roadmap to address your risks. Have a plan so you can make the right decisions and not get lost. Prioritize and address risks in the most methodical and effective way possible. Determine who best can devise a cybersecurity plan: internal employees, outside parties or contractors and services.

No. 4: Report improvements over time based on key performance indicators. Communicate and evaluate improvements continuously among different departments.

Meanwhile, organizations and businesses should take the following precautions:

• Do not pay for ransomware blackmail. The more companies pay, the more aggressive they get. Can you do a disaster recovery exercise? Have an instant replacement plan based on practice attacks and scenarios. Conduct emergency exercises at regular times of the year.

• Back up data so you don’t have to pay cyber criminals. Test the backed-up data. Cybersecurity “hostages” pay up because they don’t back up their company data and information. They should put it in a secure cloud and keep testing their disaster recovery plan.

• The power grid is extremely vulnerable. Every company should install or be able to access backup generators and power supplies, since many utilities so far have not adequately invested in grid protection.