By John Loveland, Global Head of Cyber Security Strategy & Marketing, Verizon Enterprise Solutions
While high profile cybersecurity breaches captured everyone’s attention in 2017, the real story was how far reaching cybercrime became last year. With the emergence of ransomware, it became clear that businesses of all sizes in all industries across all geographies were at risk of cybercrime. More and more businesses are suffering ransomware attacks and damages to all businesses were estimated to be over $5 billion in 2017. It’s clear that organizations can no longer ignore this growing threat to their bottom line.
Protecting your organization isn’t going to get any easier. The high return on investment from cybercrime and the rise in malware- and ransomware-as-a-service models virtually assure that this risk will only increase in the future. On the other hand, while cyber attackers are intent on making bank from their work, they’re costing organizations in obvious – and not so obvious – ways. Make no mistake, they want to extort your money and take your monetizable data. They are really good at it. As an example, Equifax reported in September that during a cybersecurity breach, hackers had accessed company data that contained information, including Social Security numbers and driver’s license numbers, for 143 million Americans. India was amongst the countries affected by the breach with the country’s largest port, Jawaharlal Nehru Port Trust, in Mumbai shutting down operations at one of its three terminals. Additionally, AP Moller-Maersk’s Gateway Terminals India (GTI) at Jawaharlal Nehru Port Trust(JNPT)also faced severe disruption.
However, it’s not the only data that companies are losing. Cyber criminals are also increasingly targeting intellectual property and trade secret information—essentially the invaluable data that companies rely on to develop new products and maintain the competitiveness of their existing ones. They are also targeting critical infrastructure and customer-facing systems and sites.
In addition, company leaders who have been through a cybersecurity breach before can attest: It’s not business as usual. In fact, the 2017 report from Accenture notes that business disruption accounts for 39% of the cost of a cyberattack. The lost dollars come from decreased productivity as staff focuses on how to mitigate the problem, and general interruptions of regular business.
For instance, employees of the FedEx Corps’ TNT unit were still handling some transactions by hand more than a month after a June 2017 cyberattack. The company noted that due to the attack, it was forced to rely on manual procedures for a significant portion of its operations.
The good news is that there are measures you can take to reduce the threats and the impact of a cyberattack. Understanding these threats, which include DDoS attacks, malware, unintentional errors that cause breaches and more is critical to effective cybersecurity efforts.
Now is the time to get smarter with cybersecurity. Here are basics that every organization should take to improve their security:
• Educate and engage your staff. Employees are your first line of defense. Train them to spot the warning signs of a potential scam or attack, as well as on the importance of maintaining strong passwords.
• Pay attention to data access.Ensure that sensitive data is only given to employees who need them.
• Align your budget with the threats. This is key. Get a sense of which threats are most prevalent in your industry, and then make sure your security spends addresses those risks first.
• Institute early warning systems. Log file and change management systems provide a real-time record of activity, and offer early warnings signs that something is amiss.
• Build sustainable security. Be realistic in what you can do internally and reach out externally for what you can’t.
Maintaining a secure network presents, at times, challenges that may appear to be insurmountable. Even when enterprises are confident they are fully protected against security breaches today, the increasing complexity of attacks can outpace the people, processes and technology needed for tomorrow.
Cybercrime isn’t going away. But understanding the damage and cost a cybersecurity breach can cause an organization, and prioritizing initiatives that address the right threats can help reduce the risk of threats and the impact of an attack if one occurs.