There is a responsibility for businesses both big and small to fight cyber-attacks proactively. The scale and structure of these attacks are constantly evolving and you need to be thinking about how to protect your business and your customers.
The Cyber Security Breaches Survey 2016 produced by Ipsos MORI and the University of Portsmouth in the UK found that sixty five per cent of large businesses experienced a breach or attack in the last year. Recent attacks have ranged from an attack on a central bank (Bangladesh) to major corporations like Yahoo, Tesco and Three mobile.
These attacks might make you think that you need not worry, but these organized criminals are always looking for the easiest target. Small businesses have been found to be the least likely to train their staff in how to combat cybercrime. This has led to smaller businesses being denied access to their own data until a ransom is paid (ransomware). In total it is estimated that cybercrime costs the global economy $400 billion per annum.
What is there for the cyber-criminal to gain through these attacks?
Principally: personal data, financial records and private documentation. The use of your data by these criminals is not always for an obvious reason; that is why at times your security and the security of many businesses both big and small is not adequate or reactive enough.
A new report produced jointly by BT and KPMG: ‘Taking the offensive: Working together to disrupt cyber crime’, advises that businesses need to work collaboratively to tackle the changing threats of cyber criminals, even if this means sharing best practice with competitors. Mark Hughes the CEO for security at BT points out that when the central bank of Bangladesh was attacked it was the actions of other central banks that restricted the loss to $81 million.
Another recommendation of the report was that the cybersecurityindustry needs people that have the ability to think like criminals, understanding the motivations and methods used to attack computer systems. The criminal networks are proving to be complex, innovative and evolving enemies of the legitimate business world. They are shadow businesses themselves that have the advantage of being able to operate unethically.
The only way you can combat organizations like these is to go beyond mere compliance. You need to tap into the psychology of the people trying to attack and manipulate the systems that modern businesses have come to rely upon. Then you need to build defenses and responses to thwart any attacksthat could impact your business.
Big business is becoming aware of the need to upscale its efforts to fight cyber-attacks. Cybersecurity can directly impact the value of a company. During recent mergers and acquisition processes questions are being asked: How do you repel cyber-attacks and how quickly do you recover after a successful attack?
Cybersecurity may be a high priority for senior managers but there seems to be a knowledge vacuum in most boardrooms. Computer systems are left to the IT department;budgets are kept to a minimum, as most managers cannot quantify an ever-changing platform of risk. In most large companies it is the legacy technology that can create vulnerabilities, this older equipment can be slower to react. Cyber criminals have a predisposition to take the least line of resistance and will often target these vulnerabilities.
Conversely, it can be newer technology that exposes companies to risk. As you attempt to link with the latest social media platforms and create apps, you will naturally open your systems up to third parties. When not planned properly, this can leave openings for breaches and attacks.
The true cost of breaches in cybersecurity is hard to measure. When failing to be compliant there are very real costs as regulatory bodies will hand down specific fines, but a report by Deloitte highlights some of the underlying costs that can be much harder to measure such as an increase in the cost of insurance; the devaluing of your brand and most importantly the loss of customer confidence.
Training is available so that you can avoid these pitfalls and consequences, Maryville’s cybersecurity degree offers you training to be prepared and stay prepared in this ever-changing landscape. This is not an issue that you can leave to the government or big business. If they are playing catch up, you should too.
Cybercrime is on the rise and everybody needs to be more aware of how to combat it. Information is being stolen, sold, held to ransom and used for purposes we cannot imagine. Cybercrime is an issue for big, medium and small businesses. Taking cybersecurity seriously, sharing information, investing in training and constantly evolving are the only ways to protect your interests.