Business Must Avoid Cyber Complacency

Across every industry, every country and every size of business, one thing is certain. The threat from cyber-attacks is growing every day. 

The amount that businesses are spending on security is also growing, with global spending on track to reach $133 billion in 2022 according to the experts at IDC. Cybersecurity was one of the biggest threats that businesses faced in 2019. The number of US and UK firms reporting a cyber-attack is ever-increasing, particularly those of an SME size.

The driving factors influencing the global industrial cybersecurity solutions market include increasing phishing threats and malware, and the growing adoption of Internet of Things (IoT) and Bring Your Own Device (BYOD) in organisations.

This is increasing demand for cloud-based cybersecurity solutions, alongside the constant need for industry standards and regulations for device security and the complexities they bring. With the increasing prominence of cybersecurity, security activities are being closely aligned with, and prioritised alongside, strategic business activities to reduce the loss of IT resources. This is generating a huge scope of opportunities in the global industrial cybersecurity solutions market.

Increasing concern over the cyber threat to organisations has driven demand for the industrial cybersecurity solutions industry.

Small business owners are responsible for establishing and growing the business. This means they often wear more than one hat at any given time. While they are focused primarily on customers and revenue, they also serve as a jack of all trades when it comes to everything from HR to legal to marketing. 

A mistake many small businesses make is overlooking their security function. While many of the cybersecurity attacks and breaches we see across headlines happen at major enterprise organizations, the reality is cybercriminals don’t discriminate by size and the aftermath of an attack can devastate a small business.

In fact, cyberattacks on small businesses are more common than many think, with more than two-thirds (67 percent) of companies with fewer than 1,000 employees having experienced a cyberattack, and 58 percent having experienced a breach, according to a recent report by the Ponemon Institute LLC, which surveyed approximately 1,045 individuals from companies in the United States and the United Kingdom.

“Small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent of the companies represented in this study rate their ability to mitigate threats, vulnerabilities and attacks as highly effective,” Ponemon said in the report.

According to another report by the BBC, more than half of British firms reported cyberattacks in 2019, up 40% from 2018.

The rapid development of new communication technologies and online tools has led to more of us being more connected, and around the clock. Our lives and businesses are in many ways intertwined, with so many workers and consumers relying on personal or sensitive information to access the services they need.

While the technology boom, from cloud storage to IoT devices, has brought down barriers and allowed businesses to flourish on a global scale, it has simultaneously further exposed corporate and customer data. Consequently, there is an even greater motivation for organisations to implement effective security protocols, with a lot more at stake than just financial results.

What Is The Threat?

Firstly, it’s good to go back to basics. Bad actors are usually attempting to accomplish one of two things: stealing information or extorting money. Understanding how each of these could play out is crucial to curtailing the threat. Information theft generally entails either the acquisition of personal (e.g. banking data) or competitive data (e.g. patents or product designs). In these breaches, bad actors often gain access to a network and quietly acquire data over months, by hijacking emails and downloading huge amounts of data.

The companies most at risk of information theft are those who store large amounts of competitive or personal data - with medical and financial data being the most in demand. But many companies don’t understand, or fail to acknowledge, the risk they face, even from storing something as commonplace as employee passwords.

The second form of attack, extorting money, has become synonymous with Russian hacker groups, wherein attackers gain access to the network, encrypt operational data like app servers and file servers, and, if they can, delete all backups.

Worryingly, 2019 UK government statistics reveal that less than a third of businesses (31 per cent) and charities (32 per cent) have carried out a cybersecurity risk assessment in the last 12 months, showing that there is huge room for improvement to ensure the right processes are put in place to protect information consistently. 

The Ponemon study suggests that nearly two-thirds (65 per cent) of IT security decision-makers believe their organisation is complacent about protecting its customers’ data.

Sophisticated cyber threats, coupled with a knowledge gap in the IT industry, offer reasons but not excuses for why this apparent ‘cyber-complacency’ may be happening – but growing risks demonstrate that this complacency cannot continue. As the cyber threat landscape continues to widen and cybercriminals become more skilled at manipulating others’ personal data for their own gain, implementing effective policies and security solutions will be imperative to companies preventing and responding to data breaches.

Implementing Effective Policies

Awareness is the first step in countering the threat. Companies and their leaders must acknowledge that they’re at risk, and that everyone who works at a company is a potential target and way in for hackers. Aside from educating staff on threats, and sharing new ways to authenticate logins, spotting phishing emails and the like, there is another key risk that must be addressed.

Many executives think of cyber risk more in terms of technological vulnerabilities, but it is usually the human dimension that leads to breaches.

Most at fault for security flaws, partially because they’re also the most targeted, are one particular group: The C-suite themselves. In modern business, collecting and utilising customer data has become fundamental to achieving success. Personalised email campaigns, for instance, have transformed how marketers communicate with their target audiences.

Such is the threat of financial and reputational damage that vigilance over data protection and cybersecurity policies will pay off in the long term.

Cyber-incidents involving the likes of British Airways and Marriott spring to mind, with regulators handing out substantial fines as punishment. The wave of breaches during the last decade in particular has shaken customer confidence, and made consumers more aware of how and where they are sharing data.

Despite the inherent risks of being complacent with customer data, many IT security decision-makers are failing to implement effective measures to protect it from cyberattacks.

For instance, more than half (57 per cent) of businesses do not currently have a cyber security policy in place, rising to more than two-thirds (71 per cent) of medium-sized businesses (250 to 549 employees).

Protocols that are unfortunately not being implemented as widely as they should be include information security policies, incident response (IR) policies and disaster recovery policies. In addition, just four-in-ten (41 per cent) businesses surveyed believe their organisation is protected with robust endpoint security.

Constantly Aware Of Data Protection

Harnessing data effectively creates opportunities and drives further growth. But organisations need to stay on top of keeping it secure, as there is a consensus amongst cybersecurity professionals that a cyberattack is always just around the corner in their business. A study has revealed that 84 per cent of chief information security officers believe a cyberattack is inevitable.

This feeling has been put down to the digital, always-online culture that businesses rely on to operate successfully and meet customer needs. So, considering that cyber threats are now not a matter of ‘if’ but ‘when’, it has become an imperative to properly protect data. The concerns over complacency and the inevitability of an attack can easily be remedied. Though cyber threats are constantly evolving to break through security solutions, regular assessments are one of the simplest yet most effective ways to stay on top and adopt crucial prevention techniques.

IT decision-makers will have more confidence in policies that are up to date, whilst their chances of spotting and foiling an attack that may well breach a company’s customer data will be improved.

Avoiding Cyber-Complacency

If businesses can ensure their cyber-safety now, this will have a substantial impact on their future, helping them mitigate the risk of compromising sensitive information and suffering data breaches. Running regular in-depth analysis into a company’s cybersecurity approach and systems alongside a strong, robust endpoint security solution is an effective way of doing this.

It’s important for businesses to carry out assessments every six months so that company security protocols are always up-to-date to deal with the latest cyber threats.

Of course, cost and ROI are important factors when budgeting in any department, but investment in cybersecurity protection and policies often outweighs the potential losses a data breach could incur.

What’s more, financial penalties from regulators and a dip in customer confidence could well cripple any organisation. With the seemingly limitless possibilities new technologies offer businesses, prioritised expenditure in cyber-protection is a relatively small price to pay.

While companies need to manage their resources carefully, there is software that can ensure any in-house cybersecurity expert is given the support they require. By introducing defined cybersecurity policies, regular risk assessments and training courses, along with proven services and solutions, businesses must build a strong foundation in order to protect their valuable customer data, in 2020 and beyond. 

International Data Corp, Ponemon, ITProPortal, Information-Age, Security Boulevard, Data Economy

