Yet, no matter how blurry the picture of cyber crime’s scope, we know you want to avoid the “oh crap!” moment that comes with realizing you’ve been hacked. This article explores why prevention is essential and provides some suggestions for proactive action.
The Cyber Crime Landscape
As we mentioned, cyber crime often goes undetected or unreported, so it’s difficult to capture the full scope of its threat. Still, these findings highlight the very real danger:
- Cybercrime is expected to cost the world more than $6 trillion in 2021, up from $3 trillion in 2015, according to Cybersecurity Ventures.
- In October 2016 the Ponemon Institute released its annual study of cyber crime based on 237 companies in six countries. The Cost of Cyber Crime study measured 465 total attacks to reach a $9.5 million average annualized cost — a 21% increase over 2015.
- Cyber crime cost the global economy as much as $450 billion, according to Hiscox Insurance, which in 2016 surveyed 3,000 businesses to gauge how well prepared they were to deal with an attack.
“This is an epidemic of cybercrime, and yet 53 percent of businesses in the U.S., U.K., and Germany were just ill-prepared,” Hiscox’s CEO Steve Langan told CNBC.
Plus, every day there are new technological innovations requiring preventative attention. For instance, the Center for Strategic and International Studies’ recommendations prepared for the most recent American president noted, “the growth of the Internet of Things means there will be unavoidable failures of hardware and software, and an unavoidable increase in opportunities for hackers.”
No wonder cybersecurity is also one of the fastest-growing segments of the global technology industry, per CSIS. Unfortunately, Cybersecurity Ventures predicts the severe shortfall in cybersecurity employment, with one million open jobs in 2016, will reach 1.5 million by 2019.
“Information loss or theft is now the most expensive consequence of a cyber crime.”
Why Prevention is Essential
Cyber attacks on businesses take two forms: data security breaches and sabotage. A breach is a malicious user accessing personnel data, intellectual property, or trade secrets, while a denial-of-service attack or the disabling of your systems or infrastructure would be considered sabotage.
Either of these approaches can send a company reeling from:
- Commercial losses
- Public relations problems
- Disruption of operations
- Equipment damage
- Drain of resources expended investigating, containing and recovering from an attack
- Exposure to regulatory action or negligence claims
- Inability to meet contractual obligations
- Loss of trust among customers and suppliers
Worse still, White & Case suggests “cyber crime is only likely to rise, despite the best efforts of government agencies and cyber security experts.” After all, the rapid pace of technological innovation provides ever more entry points.
Meanwhile, the cyber criminal is seldom caught and highly motivated to adapt quickly to find new opportunities to make money or wreak havoc on an enterprise’s systems.
What You Can Do
Advice on how to counter cyber risk is plentiful. Governments and industry groups around the world are working to promote cyber security guidelines. At the same time, many private organizations are available to identify vulnerabilities and offer suggestions on how to fix them. RedTeam is one of them!
In the meantime, what can you do? Here are four important steps to take:
It’s something we constantly preach: regular backups are key. Make sure vital system files are backed up to a computer that is offline and not connected to any network. This added measure decreases malware’s ability to spread and wipe your configuration files.
The Ponemon Cost of Cyber Crime study found that only 39% of its respondents reported advance backup and recovery operations. Yet the practice reduced the average cost of an attack by nearly $2 million!
#2: Develop and implement a security plan
Businesses must first identify security vulnerabilities and develop policies to address those. This can include removable media policies, user privileges, malware protection, and more.
In considering security threats, don’t overlook physical security. Data breaches and sabotage can start with someone with ill intent getting onsite access to do reconnaissance.
In Ponemon’s research, the companies with a self-reported tight security policy saw an average cyber crime cost of $7.9 million, a sharp drop from the average cost of $9.5 million.
Having a formal information governance program reduced the cost of cyber crime by nearly $1 million.
#3: Educate employees
Your organization can have the best-designed information risk management plan in the world, but it won’t help if your employees aren’t apprised of the need to question rather than trust.
“Unfortunately employees tend to be the weakest link in an organization,” Robert Herjavec said in the Cybersecurity Ventures report.
Yet an IBM study of C-level executive awareness of how to effectively combat cyber attacks found only 57 percent of CHROs had rolled out employee training that addressed cybersecurity.
Cybersecurity awareness starts at the top of the food chain. Make sure employees understand the risks of:
- Revealing too much information on social media
- Using “123456” or “password” as their passwords
- Clicking on malicious links or downloads
- Accessing internal systems from mobile devices while offsite (e.g., waiting in line at Starbucks)
- Assuming an attack won’t happen to them
Always assume your network is a prime target for cyber attack. Keep your information and communications technology safe by keeping security patches up to date. Encourage employees, too, to install updates.
Some updates are done automatically, but if not, it’s important to apply any security patches provided by vendors when they are offered. These updates can seem endless, but keep in mind that they help you stay ahead of hackers working to discover and exploit security flaws.
If you need an extra hand getting prevention measures in place, our highly trained security consultants can test your web application, physical, and network infrastructure security to identify flaws and vulnerabilities that might provide unauthorized access. We can then help you leverage our comprehensive follow-up report to proactively boost your security controls in the future.