[BreachExchange] Cybersecurity 101: Why it matters to your business

Audrey McNeil audrey at riskbasedsecurity.com
Tue Jun 7 19:38:16 EDT 2016


http://www.itproportal.com/2016/06/05/cybersecurity-101-why-it-matters-to-your-business/

In a mobile-first, cloud-first world, where there’s so much powerful
technology available to businesses to help prevent and counter
cybersecurity threats, the fact still remains that hackers are becoming
increasingly intelligent and the risk to organisations is at an all-time
high.

Cybersecurity can be a particularly intimidating and costly issue for
businesses. Indeed, the Verizon 2015 Data Breach Investigators report found
that, in 60 per cent of cases, attackers were able to compromise an
organisation within minutes. This highlights just how little time IT
departments have to identify and combat an attack once it is in progress,
especially given that it can take months for companies to realise their
data has been breached. Nevertheless, cybersecurity threats can still be
underestimated by organisations, with some companies choosing to take the risk
rather than invest in security, or simply not educating themselves about
the potential loss involved.

The ‘who’ and ‘why’ of cyberthreats

While the lone teenager pitting their wits against corporate networks may
be the stereotypical image, the ‘who’ behind cyberthreats is actually far
more multifaceted, complex, and continually evolving.

From an external perspective, one huge threat to organisations is that of
industrial espionage – with other companies looking to gain competitive
advantage and save money in development costs as a result of stolen
intelligence. Then there are other external risks: from organised crime
networks with teams operating on large scales to opportunists looking to
prey on the mistakes of organisations and individuals. Recent realisations
have also brought to light additional threats, including state-sponsored
espionage, terrorists, and even the media.

Yet it’s not simply malicious outsiders that are the issue. Knowingly or
not, employees within organisations can also behave in a way that
jeopardises the security of their company’s data.

Employees who don’t understand the threat of cybersecurity or the value of
the information they handle are prime targets for criminals – and such
issues can be exacerbated by inadequate information policies and a lack of
training. Then there are the malicious insiders, including individuals
specifically looking to infiltrate their company’s data and even
disgruntled employees.

Finally, a growing number of high profile organisations are falling victim
to targeted supply chain attacks – with cybercriminals becoming wise to the
fact that suppliers can’t always field the level of cyber resources of
those that they serve.

The real cost of an attack

The cost of an attack can be significant and far reaching, with the
potential to impact individuals, businesses and the UK economy.

Media representations of breaches tend to focus on the effects to
individuals, yet cyber breaches also have a severe impact on the victim
organisation’s bottom line. Direct costs can include damage control, system
repairs and the regulatory fines associated with data loss. However, there
are also indirect costs to consider, such as loss of intellectual property
and stakeholder confidence, both of which can blight organisations and
decrease share value.

According to a joint study undertaken by the Centre of Economics and
Business Research and Veracode, cyberattacks cost British businesses £34
billion a year in terms of lost revenue and resultant increases in IT
spend. The Worldwide Economic Forum has highlighted that total global costs
are difficult to calculate because a great many breaches go undetected.
High profile data attacks perpetrated by visible groups present a clear
smoking gun, but industrial espionage can be difficult to identify and stop.

To combat such costs, the UK government has greatly increased its
cybercrime budget. However, the message remains clear: organisations must
take care of their own cybersecurity, through appropriate use of technology
and by promoting higher levels of employee awareness.

Knowing what your business is up against

The first step in the prevention of cybercrime is knowing exactly what
threats an organisation is up against and how they can be mitigated
internally.

A necessary step is to encourage education that reduces the risk of
employees using weak passwords, being tricked by phishing scams or
downloading software from unknown vendors. It’s also about knowing what
policies and background checks ought to be put in place to ensure data
usage is managed. While all of this can feel basic, the reality is that
breaches happen when the basics are not being executed correctly.

Beyond this, organisations need to ensure that individuals trained in an
on-premise world are equipped to combat cybersecurity risks in the cloud,
and also that IT security is consistently considered an issue for the
boardroom.

Essentially, it all comes down to education and prevention. Both companies
and employees must be fully aware of the potential threats and the
necessary prevention methods in order to be best equipped to protect
themselves.