Cybersecurity- What You Need To Know
In the digital age, we work, play, and shop online. For some, their online identity is every bit as important as their ‘real world’ one. With this in mind, cybersecurity is an issue that every single computer user should take seriously because of the potential for information to be misused or disrupted. There have been countless cases of identity theft online, which means failure to learn more about cybersecurity could have a significant negative impact on your life.
The Cost of Cybersecurity Breaches
According to the Ponemon Institue, a data security research organization, the average cost of a data breach, around the world, is a staggering $3.8 million per company. This represents a 23 percent increase since 2013. The Institute’s 2015 benchmark study surveyed 1,500 information technology (IT), compliance, and information security practitioners from 350 companies, spanning 11 countries.
The direct costs include:
- Investigation of the cause.
- Hiring experts such as Advanced IT Solutions to fix the breach.
- Creating customer hotlines.
- Providing victims of online theft with credit monitoring.
- Loss of business as wary customers move to a more ‘secure’ company.
Unfortunately, data breaches are becoming more commonplace, as cyber thieves are now, effectively comprised of criminal organizations and hostile foreign governments, with vast resources. In many cases, these resources exceed those of the entities trying to stop them. It is also worth noting that the average cost mentioned above, does not include ‘mega-breaches’ to giant corporations, which cost hundreds of millions of dollars.
- Home Depot: The cyber attack on Home Depot lasted for an estimated 5 months from April to September 2014. An estimated 56 million payment cards were affected in the breach, which affected stores in Canada and the United States. The cyber criminals used never-before-seen, custom-built software, and the overall cost to Home Depot was estimated at $62 million.
- Target: This was one of the largest ever recorded data breaches, where debit and credit card records were stolen from over 40 million Target customers; the hackers also managed to gain access to personal information, such as direct mail and email addresses, from approximately 70 million people. The breach occurred when malware was installed on Target networks, and it siphoned off customer information during the Christmas 2013 shopping period. Shoppers affected by the crime sued Target, and the corporation settled out of court for $10 million. Target’s quarterly profits also took a nosedive, as they fell by 46%.
- JP Morgan Chase: A series of sophisticated attacks, carried out with military precision, resulted in savings account and checking information, among other things being siphoned off by hackers, in July and August 2014. It is estimated that information belonging to 83 million homes and small businesses was compromised. According to authorities, the hackers tried to access the systems of a number of major companies during the attack. JP Morgan Chase claimed that the hackers did not gain access to sensitive information, such as Social Security numbers.
To be frank, the list of data breaches goes on, and it can make terrifying reading.
As you will surely ascertain from reading the above information, hackers are using increasingly advanced methods to perform their data breaches, and it is up to information technology (IT) experts to stay one step ahead. However, a large number of cyber attacks are minor,and are often made possible due to the carelessness of victims. Here are some quick tips that will hopefully prevent you from becoming another statistic.
Respect the Basics
Be sure to download software updates, because viruses thrive on outdated software. Delete any suspicious emails you receive, as these ‘phishing scams’ contain malicious links that damage your computer. Always use a reputable antivirus provider, use strong passwords on sensitive data, and make sure your staff is well trained in the field of cybersecurity. All it takes is one mistake and your company’s system can be compromised.
Once you get the basics right, the next step is to analyze the risks to your business, and determine the level of damage a cyber attack can cause. Find out what is directly at risk, which may be money, information, company reputation, product designs, or customer data. Consider the threats to this information, which may be employees, hackers, or rivals.
Next, think of the form the threat may take; this could be theft/access of computers, remote attacks on networks/systems, or information gained from an employee. Finally, determine the impact of an attack. This may include; loss of reputation and customer confidence, cost of fines, and financial losses because of downtime and repair bills.
It is important for you to not only identify the threats to your business, but also to manage the risks.
- Develop a Plan: Cybersecurity must become the most important aspect of your risk management policy. This means a plan must be created to address every part of your business in relation to cybersecurity.
- Act: Ensure the appropriate security controls are in place, including network security and user privileges, along with third party relationships.
- Review: Never rest on your laurels, as hackers are always creating new ways to breach systems. As a result, you must constantly review your cybersecurity, and update it whenever necessary.
You simply cannot afford to allow cyber criminals to run riot on your business. If it is possible for company records to be accessed electronically, you need to take steps to protect this information. Not only will you lose a fortune if you are the victim of a successful attack, but your reputation may be irrevocably damaged as well.