[BreachExchange] Steps to tackle cyber security breaches
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Sep 14 19:34:29 EDT 2017
http://tech.economictimes.indiatimes.com/news/internet/steps-to-tackle-cyber-security-breaches/60478055
Internet accessibility has only enabled the critical role of information
technology in our daily lives. It has always been an inevitable part of
organizational functioning, however access to the internet puts a lot of
power in the hands of organizations and individuals alike.
Some recent examples include the leaking of several episodes from the
wildly popular Game of Thrones series. While fans eagerly waited to see
what happens next, little did they realize that this excitement would be
dampened by spoilers spread across the internet and social media.
The latest season of the hit fantasy TV show has been marred by several
cyber security breaches. Apart from the hackers’ attack, the channel itself
leaked the penultimate sixth episode accidentally.
This has been an example for C-suite executives everywhere that even
one-time cybersecurity threats can greatly hamper a business, regardless of
its size. In spite of its scale, the company has been reeling, attempting
to fix holes in their cybersecurity procedures while keeping up with Game
of Thrones fan hysteria.
In fact, its size makes it more vulnerable to the negative impacts that
such instances can have on its reputation and revenue. Organizations must
ensure that they accord top priority to data security as any low-level
threat can percolate to the wider network and cause the organization to
face financial penalties, lose revenues, incur customer wrath and have its
brand image and future business suffer.
The cons of a security breach
A Drain on Money and Other Resources
The first and foremost impact of a breach is the economic losses to an
organization, which go beyond just sales. Once confidential data is leaked,
companies would need to spend heavily on forensics to investigate the
breach as well as re-establishing stricter security protocols. Lawyer fees,
filing of lawsuits and payment of fines to data protection authorities, all
add up. Further, resources of time, energy and money are diverted to
fire-fighting rather than growth and development. Companies should just
avoid incurring double costs and disruptions by having cybersecurity
hygiene from the get-go.
Loss of trade secrets/Disruption of Operations
Computer hacking primarily involves theft of proprietary and confidential
information such as research, strategies, and financial reports.
Compromised information and intellectual property can make an organization
fall behind its competition by affecting its business operations and
continuity.
Loss of trust and valuation
Customer relationships are built on trust and such attacks can lead to loss
of reputation for a service provider. Cyberattacks can damage the
reputation of a company and shake the faith that its customers place in it.
A study conducted recently has shown that there is a strong relation
between a cyber breach at a company and its share price performance, with some
breaches having wiped as much as 15% off companies' stock market
valuations. For instance, Yahoo’s massive hacks raised questions on the
company's deal to sell itself to Verizon Communications.
The lesson to be learnt
It is imperative for companies to be proactive about putting resilient
systems in place to safeguard a company against possible cybersecurity
threats. There are courses available which can equip people with the core
concepts of network security and an in-depth understanding of cybersecurity
mechanisms. Here are some other things to consider for professionals and
executives in any organisation working with technology-based systems:
Invest in protection
This assumes importance as technologies which help protect against possible
breaches can detect network intrusions before hackers have the chance to
access sensitive data. Assessing and identifying organizational
vulnerabilities and then formulating procedures to avoid them is the very
first step. Some companies choose to employ a security firm for this, while
many prefer specialised training for their own trusted and employed
professionals.
Educate employees
Very often, employees may unknowingly download viruses, install
unauthorized software, register weak passwords or transfer work files to
their home computers. This can result in data breaches and vulnerabilities.
It is important to educate employees about best practices and how they can
use the internet securely. Besides the education of employees, management
and senior executives should also undergo basic training. One such course
that we offer at Acadgild is 'Ethical Hacking' which introduces people to
hacking concepts, network security, viruses, sniffers, cryptography and
more.
Encrypt company data
There is research to back the fact that about 60% of those companies who
faced a data breach did not encrypt their data. This is an essential step
to avoid possible hacking and loss of information.
Screen vendors
Organizations that provide any third party with access to confidential
data must do some research on that party's policies. This will help in
understanding whether they comply with security best practices. The first
Game of Thrones leak occurred owing to an outsourced agency that did some
work for HBO’s Indian content distribution partner.
In conclusion
Apart from all the above measures, organizations should have a contract in
place that protects them from liability in case of a security breach.
Technology is bringing the world together and therefore, the likelihood of
cyber-attacks will only amplify in the future. However, companies should
constantly update themselves about both the scale and sophistication of
cyber security threats and take adequate precautions to safeguard
themselves.