Important Statistics on Cybersecurity
Cyberattacks targeting businesses almost doubled from 82,000 in 2016 to 159,700 in 2017. Additionally, seven billion records were exposed in the first three quarters of 2017, and the FBI reports that global BEC (Business Email Compromise) losses amounted to $5.3 billion USD.
According to the 2017 Cost of Cyber Crime Study by Ponemon Institute, the average annualized cost of cybersecurity is $11.7 million USD. The report also indicates there is an average of 130 security breaches per company each year, which has increased from 102. The percentage increase in the cost of cybersecurity in a year is 22.7% and the percentage increase in the average annual number of security breaches is 27.4%.
Today, cyberattacks are taking place in a wide range of businesses around the world. It is, therefore, no surprise that 7 out of 10 organizations report that their security risk increased considerably in 2017.
In another survey, of 150 individuals involved in the purchase or management of infrastructure systems as of August 2017, 59% of respondents named network security as their leading investment priority.
Despite making cybersecurity a top priority, however, only around 33% of organizations believe they have enough resources to manage security effectively.
What should organizations do?
Before going into the solutions, let us first identify the problems.
What type of problems and difficulties do organizations face regarding cybersecurity?
1. Cyberattacks continue to increase and have become more intense
In addition to the 2017 statistics mentioned earlier, IT Governance reports that, in January 2018 alone, a total of 7,073,069 records were breached. The following month the total number of breached records was 2,234,633.
In 2017, companies that fell victim to WannaCry and NotPetya claimed that they were well-protected at the time of the attacks. These incidents prove that, despite all the advances in technology, hackers still manage to get into computer systems.
2. Organizations have become more vulnerable because of the growing complexity of technology
Going digital is a normal sign of progress, but, unfortunately, it also makes businesses more vulnerable to cyberattacks. Since almost everything these days is done online, thousands of individuals and organizations that connect digitally through apps, computer servers, workstations, and many other devices face increased risk from this connectivity. While many organizations have the latest anti-virus and malware-detection software, best-of-breed security operations and incident-response procedures, they do not have control of third-party suppliers or contractors who interact with their company. Even if these third parties sign a nondisclosure agreement, there is no way for the organization to know whether they follow high-level cybersecurity best practices. Hackers can easily get into the computer systems of these third-party vendors through unsecured Wi-Fi or employees’ personal devices that are brought onto their premises.
3. Multiple entry points for cybercriminals
Cybersecurity, or cyber risk, goes beyond the early days of basic IT environments and now includes a wide range of internet connectivity, including IoT. As a result, there is a significant increase in the number of vulnerable devices. For example, smart homes and smart cars are all connected to the internet, thus adding even more avenues of vulnerability to cyberattacks.
4. Treating cyberrisk as just part of the company’s “growing pains”
Unfortunately, management seems to take for granted that cyberattacks on their business are the new normal. Typically, there are three common responses that they make when faced with a threat:
- They delegate the problem to the IT department
Management generally treats cyberrisk as a technical issue that IT can deal with. While it’s true that the IT department should have the training and the experience to solve technical problems, including protecting the company servers, the other entry points can often be overlooked. All employees, including executives, should be trained on best practices for protecting the company’s digital assets (e.g. not opening emails from an unknown source, encrypting emails, etc.) and held accountable for following them.
- Hiring hackers to defend the organization’s systems from cyberattacks
Some organizations think that hiring hackers is an effective way to defend the company from cyberattacks, but even the best hackers cannot anticipate the sheer volume of attacks and entry points when so many devices are used in the company.
- Treating cyberrisk as a compliance problem
Many companies roll out several cybersecurity protocols and checklists as a matter of industry or government compliance. Meeting compliance requirements is not an all-encompassing solution and may address only part of the cyber risk landscape the company is exposed to.
What can companies do to improve cybersecurity?
1. Cybersecurity is not an IT problem, it is a risk management issue
Cyberrisk is just like other critical non-financial risks. When managing cyberrisk, companies should learn to prioritize relevant threats as well as determine their willingness to accept some risk (risk appetite). Initiatives to minimize risk should also be clearly defined. Most importantly, organizations need to put in place a governance approach that includes transparency and real-time risk management.
2. Treat cyberrisk as part of the business
Many businesses tend to put a lot of money into state-of-the-art computers and other devices but do not invest enough in other important aspects of the business, such as vendor risk management. Even if a business is equipped with the best technology and hardware, if cyberrisk is not specified and prioritized, the benefits of that equipment will easily be overcome by unanticipated breaches.
3. Organizations should be able to adapt
These days, it is inevitable that a business will experience a cyberattack. When that happens, the company should assess not only the degree of the breach but also the degree of success of its existing procedures. Even its products need to be reviewed and adjusted as cyberattacks evolve.
4. Having a successful cybersecurity strategy involves having comprehensive and collaborative governance
Cybersecurity should involve everyone in the organization – from the CEO to the rank and file, and even third-party vendors. Cybersecurity is no longer only about protecting computer servers; everyone who works for the company should know what their responsibility is with regard to cybersecurity.
These are fairly simple steps that businesses can take to improve cybersecurity measures and ultimately increase their bottom line.
Tip of the Week
Firewalls cannot guarantee that your network is secure
A firewall is a technology that monitors incoming and outgoing network traffic. There are two types of firewalls – software and hardware.
The typical home network setup consists of a router (hardware) and a PC running Windows that contains an integrated software firewall.
The setup may look secure, but that’s not necessarily the case. This is especially true for users who have not performed firmware updates for their router.
To confirm if your firewall is secure, please contact Netswitch and our cybersecurity experts can assist you.
The post Improved Cybersecurity Measures for Better Organizations appeared first on Netswitch Technology Management.
This is a Security Bloggers Network syndicated blog post authored by Press Release. Read the original post at: News and Views – Netswitch Technology Management