As businesses move further towards solely digital operations and management, the greater the risk of cyberattacks. Accenture’s 2017 Cost of Cyber Crime Study reported that the average annual number of security breaches has increased by 27.4%.1 A report from Cybersecurity Ventures predicts that the global annual cybercrime costs will grow to $6 trillion annually, by 2021.2 As cybercrimes increase, so do the security costs and investments to prevent them.
Understanding the threat environment
“One of the main cyber-risks is to think they don’t exist”, says Stephane Nappo, the Global Chief Information Security Officer at Société Générale International Banking.3 As a digital security expert, Nappo considers cyberthreats a reflection of information and systems weakness. Cyberthreats occur and penetrate the digital gaps, making the need for cyber protection a consistent company initiative.
If cyberthreats work to damage or disrupt a computer network or system, then it’s critical for security specialists to identify where the network, software, and hardware vulnerabilities occur.4 Understanding the threat landscape is the first step towards determining risk and investing in security control.
A report from Cybersecurity Ventures predicts that the global annual cybercrime costs will grow to $6 trillion annually, by 2021.
Cybercrimes such as data breaches have the potential to not only affect customers and their future loyalty to the brand, but also the company employees. While implementing appropriate cybersecurity is pertinent to preventing attacks, most cyberattacks are made possible through basic human error.5 Bo Yuan, PhD, Professor, and chair of the Department of Computing Security at Rochester Institute of Technology says, “An analysis of threats faced by organisations in the first quarter of 2017 reveals that cyber attackers still rely heavily on user interaction”.6 Equifax, the consumer credit reporting agency, felt the full force of their 2017 data breach, the attack compromised data from 147 million consumers, costing the company over $600 million.7 The breach was credited to human error and software bugs. Despite having processes to fix tech failures and catch hackers, these processes failed leading up to the data breach. The company was informed of the software vulnerability, with instructions to fix it within 48 hours. They failed to fix it, and the attack occurred just a few days afterwards on 12 May. The company only caught the hackers on the system on 29 July, almost 3 months later.8
Jeremiah Grossman, the Chief of Security Strategy at SentinelOne, stresses the basic nature of how cyberattacks occur from mistakes made within the organisation itself, often by employee negligence, “When a company gets hacked, it’s largely because there’s a computer, a box, a website that they didn’t know they owned”.9 Grossman’s cybersecurity advice is simple yet smart: do an inventory of every business asset. Systematically identifying computers and other devices can determine what resources are online, and where the risks might occur. His advice for IT security staff is to know exactly what is being protected.
An analysis of threats faced by organisations in the first quarter of 2017 reveals that cyber attackers still rely heavily on user interaction.
PHD, PROFESSOR, AND CHAIR OF THE DEPARTMENT OF COMPUTING
SECURITY AT ROCHESTER INSTITUTE OF TECHNOLOGY
Securing your network
As the internet of things grows, so does our interconnectivity. It’s been predicted that the number of connected Internet of Things (IoT) devices globally will grow from 27 billion in 2017, to 125 billion in 2030.10 Just one average device contains over 20 identified security risks.11 As technology advances, identifying software gaps in time has become a major industry challenge. A report developed by the Center for Strategic and International Studies, in partnership with McAfee concluded that close to $600 billion is lost to cybercrime each year.12 Will technology always be one step ahead of the curve?
Before spending thousands on firewalls and cybersecurity technology, companies need to accurately evaluate their assets. Securing the foundations is pivotal in ensuring cyber safety. Nappo considers the ‘back-to-basics’ approach to cybersecurity the most effective.13 Organisations should protect the basics, before “investing in ‘Star-Wars’ technology” as he phrases it.14
The threat of company data breaches is initiating dedicated cybersecurity campaigns. Financial Times estimates that, “High-profile data breaches will lead two-thirds of companies to raise their budgets for cybersecurity by at least 5 per cent over the next year.”15 Although it’s imperative to invest in cybersecurity technology, investing in cybersecurity training is just as necessary. Security shouldn’t be relegated to the IT basement; a security strategy should involve all employees and urge them to participate in working with security systems. Since the majority of data breaches are caused by employee negligence and human interaction, it’s vital that professionals are aware of the potential for cybercrime, so that they can be cognisant of how they can put their business at risk. Joseph Blankenship, an analyst at Forrester, says that among all the systems of data management and protection, he hasn’t seen a programme “I don’t think we’ve effectively seen a system that can effectively cut the human out of the loop”.16 The cybersecurity industry is set to exponentially expand, increasing the demand for specialists. It’s predicted that by 2021, there will be 3.5 million unfilled cybersecurity positions.17 The digital movement forces society to consider, how will you manage this new cyber environment?
It’s predicted that by 2021, there will be 3.5 million unfilled cybersecurity positions.
Cybersecurity tips to protect your business
Although businesses on the Fortune 500 may store extremely valuable data and assets, making an attack more enticing for hackers, small businesses aren’t outside of the threat landscape. Despite having less data, cyberattacks on small businesses can be crippling. From a poll conducted by Manta, 1420 small business owners were asked whether they thought their business was at risk of being hacked, 87% didn’t think so.18 Regardless of this assumption, small businesses are prime targets for hackers. Their small size, lack of dedicated security professionals and minimal data defence budgets make cyber attacks far easier, and more devastating, compared to those directed to large corporations. However, cybersecurity doesn’t have to be a major financial liability. Cybersecurity begins with the essentials.
These cybersecurity tips identified by the U.S. Department of Homeland Security may account for defending your organisation:19
1. Improve your password security
Chris Pirillo, founder and CEO of LockerGnome said, “Passwords are like underwear: don’t let people see it, change it very often, and you shouldn’t share it with strangers”.20 Creating a strong and unique password for each device and establishing a two-step authentication could stop most cyberattack attempts. As most businesses operate online and over email, this precaution could eliminate data or network compromises.
2. Operate on secure networks
Public networks naturally access your private data. Secure your WiFi and choose your internet services carefully. Chris Wysopal, the Chief Technology Officer at Veracode, urges the importance of operating on safe platforms, “Don’t put data out there, into Facebook or something, unless you really want to share that out to the world”.21 Not all technology is to be trusted, and more often than not, it’s compromised in some manner.
3. Don’t fall prey to phishing
Phishing emails are one of the biggest risks to online users.22 Phishing works to create legitimate emails that once clicked, open a gateway to accessing your information, your assets, or installing malicious software on your device. In order to combat these risks, companies need to educate employees on what constitutes phishing and other malware traps.
4. Create employee awareness
Forbes urges businesses to implement cyber training. Informing your organisation about the potential security risks will help ensure a cybersecurity policy is understood, and maintained. Once a policy has been created, employees will recognise what cybersecurity best practice entails, the safety procedures, and protocols for security breaches.
Updating computers and creating backups also appear among the top cybersecurity tips. Installing your devices with the latest software could ensure you’re protected from the latest threats.24 Religiously making information backups means that if your data is accessed or lost, you’ll be able to recover it.
Organisations that fail to protect data and breach GDPR can be fined 4% of annual global turnover, or €20 million, whichever is greater.
Educating yourself about cybersecurity threats and the potential damage is arguably the best protection strategy. Despite the majority of security compromises coming from human error, individuals won’t avoid the consequences.25 Andrew Jones, Senior Sales Engineer at Shape Security says getting fired for cyber negligence is a reality, “This is exactly what can happen if you fall victim to an email phishing campaign or other social engineering attack and become the vector by which your company exposes sensitive information”.26 The risk is so serious, that data protection has become an enforced regulation within the European Nation. The General Data Protection Regulation (GDPR) is a set of data protection rules for all companies operating in the EU as well as global companies with EU customers.27 Organisations that fail to protect data and breach GDPR can be fined 4% of annual global turnover, or €20 million, whichever is greater.28 The pressure to protect is as much a matter of reputation, as a financial imperative.
Cybersecurity practices aside, perfect online barriers are unattainable. Attacks are becoming more sophisticated and advancing at a pace that cannot always be detected. Ted Schlein, a venture capitalist with Kleiner Perkins Caufield & Byers, has a simple way of categorising companies; “Most people are starting to realise that there are only two different types of companies in the world: those that have been breached and know it and those that have been breached and don’t know it”.29 The 2017 Cost of Data Breach Study discovered the average length of time to detect an organisation data breach is six months.30 The same study identified it takes 66 days to contain a data breach. Imagine the extent of digital damage and long-term business implications that occur within 191 days? It seems like self-sabotage to not consider the simple cybersecurity tips from industry experts.
What does the future of cybersecurity look like? Cybersecurity is intrinsically connected to cyberspace, as one advances, so the other attempts to combat it. As the digital landscape expands, the number of devices and network structures do too.31 As data increases, the need for more powerful cybersecurity will as well.
As security roles within the industry increases, the potential for artificial intelligence and machine-based protection is similarly growing. Machine learning algorithms that analyse large sets of data can survey networks and be trained to react to different scenarios.32 However, machines against machines pose a number of issues still to be resolved.
What’s for certain within the digital revolution is every business and person carries information that is valuable. Adopting cybersecurity is going to be a personal and professional commonplace, a habit as common as locking your front door. Cybercrime is particularly sinister. Its mysterious ways work to only reveal itself once the damage is done. Despite the complexity of a cyber network and the necessary security, implementing the basic cybersecurity advice found above and online, can win you half the battle. What will you do to protect your business?
- 1 (2017). ‘2017 cost of cyber crime study’. Retrieved from Accenture.
- 2 Morgan, S. (Aug, 2018). ‘Hackerpocalypse: A cybercrime revelation’. Retrieved from Cybersecurity Ventures.
- 3 (Aug, 2018). ‘Top 27 cyber security quotes’. Retrieved from Security First Corp.
- 4 Begin the conversation: Understand the threat environment’. Retrieved from U.S Department of Homeland Security.
- 5 Bradford, L. (Mar, 2018). ‘What you need to know about cybersecurity in 2018’. Retrieved from Forbes.
- 6 Bradford, L. (Mar, 2018). ‘What you need to know about cybersecurity in 2018’. Retrieved from Forbes.
- 7 Bradford, L. (Mar, 2018). ‘What you need to know about cybersecurity in 2018’. Retrieved from Forbes.
- 8 Hautala, L. (Oct, 2017). ‘Equifax ex-CEO: Here’s what went wrong’. Retrieved from CNET.
- 9 Kan, M. (Feb, 2017). ‘The best cybersecurity advice from experts at RSA’. Retrieved from PC World.
- 10 (2017). ‘The Internet of Things: a movement, not a market’. Retrieved from IHS Markit.
- 11 Chambers, J and Stewart, N. (Jul, 2015). ‘Why cybersecurity leadership must start at the top’. Retrieved from Forbes.
- 12 Lewis, J. (Feb, 2018). ‘Economic impact of cybercrime’. Retrieved from CSIS.
- 13 Nappo, S. (Dec, 2019). ‘Sometimes less is more…’. Retrieved from Linkedin.
- 14 Nappo, S. (Dec, 2019). ‘Sometimes less is more…’. Retrieved from Linkedin.
- 15 Ram, Alia. (Oct, 2018). ‘Data breaches persuade companies to raise cyber security budgets’. Retrieved from Financial Times.
- 16 Ram, Alia. (Oct, 2018). ‘Data breaches persuade companies to raise cyber security budgets’. Retrieved from Financial Times.
- 17 Morgan, S. (May, 2017). ‘Cybersecurity jobs report 2018-2021’. Retrieved from Cybersecurity Ventures.
- 18 (Mar, 2017). ‘Are small business owners protecting themselves from cyber attack?’. Retrieved from Manta.
- 19 (2018). ‘Good security habits’. Retrieved from U.S. Department of Homeland Security.
- 20 (2018). ‘Top 27 cybersecurity quotes’. Retrieved from Security First Corp.
- 21 Kan, M. (Feb, 2017). ‘The best cybersecurity advice from experts at RSA’. Retrieved from PC World.
- 22 (2018). ‘Good security habits’. Retrieved from U.S. Department of Homeland Security.
- 23 Kappel, M. (Nov, 2017). ‘5 ways to improve your small business cybersecurity’. Retrieved from Forbes
- 24 Kappel, M. (Nov, 2017). ‘5 ways to improve your small business cybersecurity’. Retrieved from Forbes
- 25 Bradford, L. (Mar, 2018). ‘What you need to know about cybersecurity in 2018’. Retrieved from Forbes.
- 26 Bradford, L. (Mar, 2018). ‘What you need to know about cybersecurity in 2018’. Retrieved from Forbes.
- 27 Retrieved from European Commission.
- 28 ‘GDPR key changes’. Retrieved from EU GDPR.ORG
- 29 (Aug, 2018). ‘Top 27 cybersecurity quotes’. Retrieved from Security First Corp.
- 30 (2017). ‘2017 cost of data breach study’. Retrieved from IBM.
- 31 (Jul, 2018). ‘Meeting cyber security challenges in a connected world’. Retrieved from IT News Africa.
- 32 Newman, L. (Apr, 2018). ‘AI can help cybersecurity – if it can fight through the hype’. Retrieved from Wired.