[BreachExchange] Why Cyber Security Should Be the Most Important Thing for Your Business

Audrey McNeil audrey at riskbasedsecurity.com
Thu Nov 17 19:09:33 EST 2016


http://www.blogtrepreneur.com/cyber-security-important-thing-business/

Technology is so rapidly evolving that companies taking advantage of its
potential might start losing control. Cyber security has always been
riddled with holes, where malicious hackers have been one step ahead at
every turn. The quick advancement will only offer more opportunities for
data breaches, as our ever-increasing dependence on technology has slipped
into every aspect of our lives. From personal information to vital
corporate data, it can all be at risk without proper measures taken ahead
of time.

The widespread availability of the internet along with innovative
technologies, such as cloud storage or the Internet of Things (IoT), can
gather the online world in one big community. That is why cyber security is
everyone’s responsibility. One infected device can spread its corruption to
another and so on. The smallest breach can create a ripple effect that
impacts critical systems. That is why cyber security should be the most
important thing for your business, for the sake of your clients and your
own.

Negative PR Impact

There are two main ways in which a business can be affected by
cyber-attacks: data security breaches and sabotage. The former implies the
subtle theft of a client’s personal information, intellectual property,
corporate secrets, game-changing plans, future mergers, etc. The latter
often takes a more disruptive form, such as denial of service (DoS) or
disabling the company’s systems and infrastructure. However, no matter
which it is, the consequences will be harshly felt on the company’s
reputation.

The blame would always fall on its shoulders, and the negative PR impact
would soon follow. Target’s 2013 data breach was the prime example when 40
million people’s credit card information was exposed by hackers. It led to
the company needing to compensate the victims with $10 million, but the
true damage will never get fixed. The trust was broken. Without proper
cyber security, your company’s reputation is hanging by a thread, where one
mistake can shatter your image. Breaches affect the bottom line, impacts
revenue and your ability to maintain or gain customers.

Risk of Exposure to Regulatory Action

Among the financial consequences of a potential breach of security,
businesses have to face negligence claims and charges against their
inability to meet contractual obligations toward their customers.
Governments have taken action and are actively seeking to tighten laws that
require organizations to take more responsibility for cyber security. Every
company needs to take the reins and assure that they have taken every
measure possible to prevent attacks or leaks. The Data Security and Breach
Notification Act of 2015 will take extra precautions in making sure
companies expose their data breaches.

The EU’s General Data Protection Regulation will likewise prompt companies
to report attacks to both competent authorities who can solve the issue and
the affected individuals. A failure to comply will result in a penalty that
equals 5% of their global turnover. It’s clear that governments and
authorities are taking more and more precautions to protect the consumer
and hold businesses responsible for breaches. And yet, 90% of companies
around the world are not well prepared against cyber-attacks. That is why
maintaining a tight control of cyber security is of the utmost importance
to avoid legal issues.

The Threat Is Omnipresent

Most businesses don’t know a lot about internet security, but the threat is
everywhere, in every industry and on most technological devices. In fact,
October has been deemed as National Cyber Security Awareness Month to
increase the attention companies and consumers dedicate to potential hacks.
It underlines the fact that only a few of the truly influential cyber
criminals have been caught. The rest of them still lie in wait and their
methods are gradually more sophisticated. Cyber security is essential at
any moment and businesses should be well aware that everything is a
potential gateway for a breach.

Social events, natural disasters, or even terrorist attacks can come
attached with a threat to cyber security. Back in 2012, Hurricane Sandy not
only devastated nations and claimed lives, but it was also an opportunity
for hackers. They took advantage of the chaos, setting up fake charities
for people to donate.  Earlier in 2007, a brutal storm in Europe killed 47
people, shut down Germany’s railway system, shattered buildings, and
wrecked power pylons. Hackers created a worm in response, sending emails
with the subject line “230 Dead as Storm Batters Europe”. They took
advantage of people’s need for more information on this natural disaster,
and the attack ultimately accounted for 8% of all malware infections around
the world.

It’s important to note that nothing is off limits, which is why cyber
security, awareness, and prevention are key.

Online Vulnerability is Increasing

Technological advancement is a double-edged sword. Unfortunately, hackers
have an easier time wielding it, with new techniques created and updated
regularly. It’s easier to find a weakness in an existing system than to
create a shield against an attack you know nothing about and hasn’t struck
yet. That’s why it’s likely that offenders will always be one step ahead.
With the increasing number of devices, the connectivity of cloud storage,
and accessibility of the IoT, these vulnerabilities will grow
exponentially. Everything from a smartphone to smart watches or even
medical devices can be a channel that leads to a bigger pool of information.

Employees, for example, can have their devices connected to the company’s
cloud and the potential for a breach is instantly created. With increased
availability, security will not be just in the hands of experts who know
what measures to take. It will also be in the hands of every employee or
customer with a smartphone. That means that everyone, from the CEO to the
newly hired clerk can be a potential gateway into the company’s database.
Prevention methods may already be set, but it’s crucial to understand that
cyber security should never stagnate. It should evolve and regularly
receive upgrades.

Most organizations don’t have a plan B in case of breaches, and that
mistake could potentially cost them. The way to fix it is not be reacting,
but by implementing a cyber security structure that follows the proper
steps of predicting, preventing, detecting, and responding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161117/76be4c42/attachment.html>


More information about the BreachExchange mailing list