[BreachExchange] The True Cost of a Cyberattack

Audrey McNeil audrey at riskbasedsecurity.com
Mon Nov 28 18:44:28 EST 2016


http://www.itsecurityguru.org/2016/11/22/true-cost-cyberattack/

Though a cyberattack could happen at any moment, a lot of organizations are
ill-prepared and don’t have a plan set up to deal with the aftermath of
such an occurrence. Even a quarter of IT professionals aren’t exactly
confident in their organization’s ability to remediate when or if a
security breach happens, and it appears this is mainly due to a lack of
awareness about the need for a plan in the first place.

Even if your organization does have a solid plan in place, a cyberattack
could cause a heap of damage that can extend to your clients. Now imagine
what sort of experience your company could have without a plan set up.
Ideally, your employees should be ready to take the proper course of action
immediately after a security breach has occurred, so as not only to remedy
the situation completely, but also to safeguard any data or devices that
have yet to be accessed by the hacker.

Sometimes a company feels they are already well prepared for a cyberattack
(with or without an incident response plan on board), but unless the topic
of internet security is regularly spoken about and taught within the
workplace itself, there may be a few things they could improve on. To
understand the importance of all of this, we must consider what the true
cost of a cyberattack is, or could be, for a company and understand why
businesses might be targeted. It’s also crucial to learn about practical
tips organizations can use to protect themselves.

Why Companies Might Be Targeted

There are a variety of reasons why a hacker might target a company in
particular, but in most cases, there’s likely a potential gain in sight for
the hacker. Perhaps they know you have a lot of customer data on file,
including credit card numbers and other banking details, that they can use
to commit identity theft. Sometimes there is information they can sell
online to others who are willing to pay hackers to provide what they’re
looking for.

Since businesses often have a large amount of personal information about
both their employees and clients, they might be a more favorable target to
certain hackers. Security is sometimes lacking within certain organizations
too, especially when they’re smaller, or were recently started. Your
company may also be vulnerable to cyberattacks when an employee leaves and
passwords aren’t updated, or if your company is promoting anything that
could be viewed as controversial to some people.

Overall, companies tend to have a lot more to offer a hacker than the
average internet user, so that fact alone may be enough to tempt a hacker
into targeting them in particular.

Ways Hackers Access Data

Now that you’re aware of a few possible motives that could be the driving
factor behind a hacker’s decision to target a company, it’s important to
know how they access the data. By knowing how they can attack your company,
you’ll be able to address potential vulnerabilities within your system
better and prevent them from accessing your data.

Perhaps one of the most common ways hackers access a company’s data is
through “spear phishing,” which is presented as an email or another type of
message that contains a hyperlink or file that ultimately injects malware
onto the device it was opened on. The malware can then be used as a way for
the hacker to access (and even control) the device and sometimes every
other device on the same network as well.

Though it’s not technically hacking, hackers or others with ill intent can
obtain passwords to access company accounts. Employees or former employees
might leak passwords, the passwords could be guessed, or an employee could
be tricked into handing over details that can be used to access accounts
(such as the answers to security questions linked to the accounts).

Another way hackers can access a company’s data is by hacking into their
devices through an unsecured, or public, network. If your business uses
public WiFi or doesn’t properly secure its internet connection, a hacker
can access it just by being in the range of the signal. Any passerby, even
those outside of the building, could then victimize your company through
this method.

There are a variety of other methods hackers can use to access data as
well, and the ones mentioned above are unfortunately just a preview of the
possibilities.

The True Cost

So why exactly do companies, both big and small, need to worry about a
cyberattack? The answer is simple. Any data you have stored is a reflection
of your company’s inner workings, and a security breach can be viewed by
potential and current customers as just the same.

If your customers’ personal information gets leaked because of a data
breach, your company’s reputation can quickly plummet, and there’s no
guarantee your customers will be very forgiving. A hacker could use their
information to commit identity theft or even access their accounts,
stirring up a lot of trouble for those who invested in your products or
services.

From the customer’s perspective, legal action against your company may seem
appropriate, and they may decide to use your competitor for any future
business. Overall, a cyberattack could cost both you and your clients a lot
of money in the long run, so it’s crucial you make internet security a top
priority within your organization.

The Potential Solution

Besides educating your employees about cybersecurity and implementing a
strict policy regarding safer internet use or the handling of data, you
must equip your devices with the proper software and provide your staff
with the tools they need to prevent a cyberattack. All of the
internet-enabled devices associated with your company should have basic
security software at the very least. An anti-virus and a Virtual Private
Network (VPN) are two that are great to start out with.

An anti-virus will scan for and block malware on different platforms, as
well as secure your email clients and provide protection for your servers. As a
company, you won’t be able to get by with a free anti-virus, but one
specifically for businesses won’t usually cost more than $50 per year. As a
bonus, most anti-viruses designed for company use offer extra features that
can come in handy.

A Virtual Private Network (VPN) is important because it can help you
protect your devices from hackers who take advantage of unsecured internet
connections (which many businesses use if they have a storefront). It can
also provide some anonymity online since it will mask IP addresses. VPNs
work by routing internet traffic through an encrypted connection to a remote
server and cost less than $15 per month on average.

VPN service may be even more important for use on personal devices, since
managers and CEOs sometimes store some company data on their own devices
and may be more likely to forgo good cybersecurity habits while on the go
with their personal phones, tablets, laptops, etc.

Most importantly, be sure all of your employees are up to date with the
latest cybersecurity news and are also trained on the topic of internet
safety on a regular basis. And don’t forget to create an incident response
plan for your company if you do not already have one! The true cost of a
cyberattack can be a heavy burden for any organization, so ensure you’re
making internet security a top priority for your company.

Do you have any tips for organizations who are concerned about hackers and
data breaches? Please share them in the comments.