Stop skimping. Cybersecurity breaches can severely hurt your bottom line.
Published: Mar 26, 2018
Author: John Loveland
While high profile cybersecurity breaches captured everyone’s attention in 2017, the real story was how far reaching cybercrime became last year. With the emergence of ransomware it became clear that businesses of all sizes in all industries across all geographies were at risk of cybercrime. More and more businesses are suffering ransomware attacks and damages to all businesses were estimated to be over $5 billion in 2017. It’s clear that organizations can no longer ignore this growing threat to their bottom line.
And, protecting your organization isn’t going to get any easier. The high return on investment from cybercrime and the rise in malware- and ransomware-as-a-service models virtually assure that this risk will only increase in the future. And while cyber attackers are intent on making bank from their work, they’re costing organizations in obvious – and not so obvious – ways. Make no mistake, they want to extort your money and take your monetizable data. They’re really good at it. As an example, Equifax reported in September that during a cybersecurity breach hackers had accessed company data that contained information, including Social Security numbers and driver’s license numbers, for 143 million Americans.
But, it’s not the only data that companies are losing. Cyber criminals are also increasingly targeting intellectual property and trade secret information—essentially the invaluable data that companies rely on to develop new products and maintain the competitiveness of their existing ones. They’re also targeting critical infrastructure and customer-facing (read: revenue generating) systems and sites.
And, company leaders who have been through a cybersecurity breach before can attest: It’s not business as usual. In fact, the 2017 report from Accenture notes that business disruption accounts for 39% of the cost of a cyberattack. The lost dollars come from decreased productivity as staff focuses on how to mitigate the problem, and a general interruptions of regular business.
For instance, employees of the FedEx Corps’ TNT unit were still handling some transactions by hand more than a month after a June 2017 cyberattack. The company noted that due to the attack, it was forced to rely on manual procedures for a significant portion of its operations.
The good news is that there are measures you can take to reduce the threats and the impact of a cyberattack. Understanding these threats, which include DDoS attacks, malware, unintentional errors that cause breaches and more is critical to effective cybersecurity efforts.
Now is the time to stop skimping on cybersecurity. Here are some actions every organization should take to improve their security:
- Educate your staff. Employees are your first line of defense. Train them to spot the warning signs of a potential scam or attack, as well as on the importance of maintaining strong passwords.
- Pay attention to data access. Only staff that need data to do their jobs should have access to it.
- Align your budget with the threats. Get a sense which threats are most prevalent in your industry, and then make sure your security spend addresses those first.
- Institute early warning systems. Log file and change management systems provide a real-time record of activity, and offer early warnings signs that something is amiss.
- Build sustainable security. Be realistic in what you can do internally and reach out externally for what you can’t.
Maintaining a secure network presents, at times, challenges that may appear to be insurmountable. Even when enterprises are confident they are fully protected against security breaches today, the increasing complexity of attacks can outpace the people, processes and technology needed for tomorrow.
Cybercrime isn’t going away. But understanding the damage and cost a cybersecurity breach can cause an organization, and prioritizing initiatives that address the right threats can help reduce the risk of threats and the impact of an attack if one occurs.
Click here for more details on improving your cybersecurity.
John Loveland leads cybersecurity strategy and marketing for Verizon Enterprise Services. He is a seasoned technology industry executive and entrepreneur with 20+ years' experience in leadership positions with public, private and start-up companies. A pioneer in the information risk management disciplines, John has founded companies and built practices in the areas of cyber risk, electronic discovery, regulatory compliance, data privacy, and enterprise information governance.