Cybersecurity – The #1 Risk Business Leaders Can’t Afford to Ignore
The risk of cybercrime to businesses of all sizes is very real, with significant costs, and can no longer be ignored. Planning ahead is essential to ensuring business continuity. Cybersecurity Ventures, a leading researcher and online resource for the global cyber economy, projects global cybercrime costs to increase by 15% per year, reaching $10.5 trillion annually by 2025. And according to global cybersecurity leader Trend Micro Inc., in their Cyber Risk Index Report, an annual survey of 2,800 IT managers and practitioners from the US, Europe, and Asia/Pacific, 26% of global corporations fell victim to 7 or more cyberattacks in the past year, and over 80% of these expect such attacks to be “somewhat” or “very likely” to succeed.
Coronavirus Drives Pivot in Cybersecurity Response
Since COVID-19, the demand for enhanced cybersecurity across industries has increased exponentially, with specific needs to address the new realities of a world in pandemic mode. As companies shut down and employees worked from home in unprecedented numbers, chief information security officers (CISOs) had to create secure connections for this extensive new remote workforce. Also, the surge in online commerce required significant systems upgrades. CISOs had to reallocate budgets to cover COVID-related costs, putting planned security improvements on hold and possibly exacerbating already identified risks and existing threats.
Identifying Vulnerabilities, Understanding Consequences Essential to Cyber Defense
The first step in defending against cybercrime is understanding risks and identifying where your systems are susceptible. According to Trend Micro’s Cyber Risk Index, top cyber threats include:
- Ransomware (malware that encrypts files and blocks access unless a ransom is paid)
- Social engineering/phishing (techniques to trick people into providing personal data)
- Clickjacking (concealed hyperlinks that trick people into unintended actions, which can reveal personal data and allow control of their computer)
- Fileless attacks (attacks that misuse legitimate tools built into software and leave no malicious file or easily traceable footprint)
- Botnets (networks of computers infected by malware and controlled by a hacker without their owners' knowledge)
- Man-in-the-middle attacks (an attacker intercepts communications between users and can “eavesdrop” on or alter them)
Certain situations present particular vulnerabilities. In automated buildings, every system and device is unique yet connected, each with its own cyber risks, and connected devices are easy to infiltrate. Healthcare facilities are high-value targets, with hackers launching constant attacks; medical records are “best sellers”, fetching up to $1,000 per record on the dark web (Forbes.com 1/8/2021).
When developing a cyber defense plan, organizations should also consider potential problems, which could include:
- Loss of confidential employee and customer data
- Unauthorized access to intellectual property and financial information
- Customer churn/loss of existing customers
- Interruption of operations
- Damage to critical infrastructure
- Stolen or damaged equipment
Ransomware Makes for Expensive Holidays
Ransomware, the most common form of cybercrime, is expensive. It encrypts files, locks out users, potentially corrupts data, and can cost companies millions in ransom payouts. Attacks have tripled since 2013 (Economist.com 6/19/2021).
Companies should be particularly vigilant during holidays, when IT staff is reduced, systems are more vulnerable, and protective responses are delayed (Fortune.com 7/6/2021). The recent Kaseya hack occurred over the July 4th weekend, affecting nearly 1,500 businesses, and last year’s SolarWinds hack occurred just before Christmas, attacking over 100 private companies, think tanks, and branches of the US military.
Employee Training and Cybersecurity Policy
An essential component of a good cybersecurity plan is an up-to-date, readily available cybersecurity policy. All employees, from entry level to the C-suite, should understand the policy and be trained to recognize and avoid security risks. Mitch Berger, Managing Partner of IMSA Search Global Partners USA and IMSA Board Member, relates, “Many of our clients in the C-suite and HR departments have told us that cybersecurity is now a prominent part of employee onboarding, with hands-on training about online information sharing, passwords and security questions, two-factor authentication for account access, and what to look for in emails and other communications which would signal a cyber threat.”
Prevention is the Best Policy
The effects of any cyberattack can be catastrophic, resulting in business disruption, harm to company or brand image, customer loss, data theft, and in some rare cases, loss of life. The costs can be catastrophic as well. Experts recommend companies get ahead of the problem, addressing vulnerabilities before cyberattacks occur, by implementing the following preventive measures:
- Identify and assess risk areas across applications, devices, and people
- Implement the ability to automate responses to abnormal activity
- Adapt systems to remotely resolve issues
- Create policies and action plans for quick and effective response in the face of an attack
- Empower CISOs with appropriate budgetary and human resources to provide proper planning, training, and continual monitoring and upgrading of systems
In today’s business environment, where online and digital are the way business gets done, cybersecurity is a top priority. And in the words of Benjamin Franklin, “An ounce of prevention is worth a pound of cure.”