Business Must Avoid Cyber Complacency

Across every industry, every country and every size of business, one thing is certain. The threat from cyber-attacks is growing every day. 

The amount that businesses are spending on security is also growing, with global spending on track to reach $133 billion in 2022 according to the experts at IDC. Cybersecurity was one of the biggest threats that businesses faced in 2019. The number of US and UK firms reporting a cyber-attack is ever-increasing, particularly those of an SME size.

The driving factors influencing the global industrial cybersecurity solutions market include increasing phishing threats and malware, and the growing adoption of Internet of Things (IoT) and Bring Your Own Device (BYOD) in organisations.

This is increasing demand for cloud-based cyber security solutions, alongside the constant need for industry standards, complexities, and regulations for device security. With the increasing popularity of cyber security, its activities are being closely aligned with and prioritised alongside strategic business activities to reduce the loss of IT resources. This generates a huge scope of opportunities in the global industrial cyber security solutions market.

Increasing concern over the cyber threat to organisations has driven demand for industrial cybersecurity solutions.

Small business owners are responsible for establishing and growing the business. This means they often wear more than one hat at any given time. While they are focused primarily on customers and revenue, they also serve as a jack of all trades when it comes to everything from HR to legal to marketing. 

A mistake many small businesses make is overlooking their security function. While many of the cybersecurity attacks and breaches we see across headlines happen at major enterprise organizations, the reality is cybercriminals don’t discriminate by size and the aftermath of an attack can devastate a small business.

In fact, cyberattacks on small businesses are more common than many think, with more than two-thirds (67 percent) of companies with fewer than 1,000 employees having experienced a cyberattack, and 58 percent having experienced a breach, according to a recent report by the Ponemon Institute LLC which talked to and researched approximately 1,045 individuals from companies in the United States and the United Kingdom.

“Small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent of the companies represented in this study rate their ability to mitigate threats, vulnerabilities and attacks as highly effective,” Ponemon said in the report.

According to another report by the BBC, more than half of British firms reported cyberattacks in 2019, up 40% from 2018.

The rapid development of new communication technologies and online tools has led to more of us being more connected, and around the clock. Our lives and businesses are in many ways intertwined, with so many workers and consumers relying on personal or sensitive information to access the services they need.

The technology boom, from cloud storage to IoT devices, has brought down barriers and allowed businesses to flourish on a global scale, but it has simultaneously further exposed corporate and customer data. Consequently, there is an even greater motivation for organisations to implement effective security protocols, with a lot more at stake than just financial results.

What Is The Threat?

Firstly, it’s good to go back to basics. Bad actors are usually attempting to accomplish one of two things: stealing information or extorting money. Understanding how each of these could play out is crucial to curtailing the threat. Information theft generally entails either the acquisition of personal (e.g. banking data) or competitive data (e.g. patents or product designs). In these breaches, bad actors often gain access to a network and quietly acquire data over months, by hijacking emails and downloading huge amounts of data.

The companies most at risk of information theft are those who store large amounts of competitive or personal data - with medical and financial data being the most in demand. But many companies don’t understand, or fail to acknowledge, the risk they face, even from storing something as commonplace as employee passwords.

The second form of attack, extorting money, has become synonymous with Russian hacker groups, wherein attackers gain access to the network, encrypt operational data like app servers and file servers, and, if they can, delete all backups.

Worryingly, 2019 UK government statistics reveal that less than a third of businesses (31 per cent) and charities (32 per cent) have carried out a cybersecurity risk assessment in the last 12 months, showing that there is huge room for improvement to ensure the right processes are put in place to protect information consistently. 

The Ponemon study suggests that nearly two-thirds (65 per cent) of IT security decision-makers believe their organisation is complacent about protecting its customers’ data.

Sophisticated cyber threats, coupled with a knowledge gap in the IT industry, offer reasons but not excuses for why this apparent ‘cyber-complacency’ may be happening – but growing risks demonstrate that this complacency cannot continue. As the cyber threat landscape continues to widen and cybercriminals become more skilled at manipulating others’ personal data for their own gain, implementing effective policies and security solutions will be imperative to companies preventing and responding to data breaches.

Implementing Effective Policies

Awareness is the first step in countering the threat. Companies and their leaders must acknowledge that they’re at risk, and that everyone who works at a company is a potential target and way in for hackers. Aside from educating staff on threats, and sharing new ways to authenticate logins, spotting phishing emails and the like, there is another key risk that must be addressed.

Many executives think of cyber risk more in terms of technological vulnerabilities, but it is usually the human dimension that leads to breaches.

Most at fault for security flaws, partially because they’re also the most targeted, are one particular group: The C-suite themselves. In modern business, collecting and utilising customer data has become fundamental to achieving success. Personalised email campaigns, for instance, have transformed how marketers communicate with their target audiences.

Such is the threat of financial and reputational damage that vigilance over data protection and cybersecurity policies will pay off in the long term.

Cyber-incidents involving the likes of British Airways and Marriott all spring to mind, with regulators handing out substantial fines as punishment. The wave of breaches during the last decade in particular has shaken customer confidence, and made consumers more aware of how and where they are sharing data.

Despite the inherent risks of being complacent with customer data, many IT security decision-makers are failing to implement effective measures to protect it from cyberattacks.

For instance, more than half (57 per cent) of businesses do not currently have a cyber security policy in place, rising to more than two-thirds (71 per cent) of medium-sized businesses (250 to 549 employees).

Protocols that are unfortunately not being implemented as widely as they should be include information security policies, incident response (IR) policies and disaster recovery policies. In addition, just four-in-ten (41 per cent) businesses surveyed believe their organisation is protected with robust endpoint security.

Constantly Aware Of Data Protection

Harnessing data effectively creates opportunities and drives further growth. But organisations need to stay on top of keeping it secure, as there is a consensus amongst cybersecurity professionals that a cyberattack is always just around the corner in their business. A study has revealed that 84 per cent of chief information security officers believe a cyberattack is inevitable.

This feeling has been put down to the digital, always-online culture that businesses rely on to operate successfully and meet customer needs. So, considering that cyber threats are now not a matter of ‘if’ but ‘when’, it has become an imperative to properly protect data. The concerns over complacency and the inevitability of an attack can easily be remedied. Though cyber threats are constantly evolving to break through security solutions, regular assessments are one of the simplest yet most effective ways to stay on top and adopt crucial prevention techniques.

IT decision-makers will have more confidence in policies that are up to date, whilst their chances of spotting and foiling an attack that may well breach a company’s customer data will be improved.

Avoiding Cyber-Complacency

If businesses can ensure their cyber-safety now, this will have a substantial impact on their future, helping them mitigate the risk of compromising sensitive information and suffering data breaches. Running regular in-depth analysis into a company’s cybersecurity approach and systems alongside a strong, robust endpoint security solution is an effective way of doing this.

It’s important for businesses to carry out assessments every six months so that company security protocols are always up-to-date to deal with the latest cyber threats.

Of course, cost and ROI are important factors when budgeting in any department, but investment in cybersecurity protection and policies often outweighs the potential losses a data breach could incur.

What’s more, financial penalties from regulators and a dip in customer confidence could well cripple any organisation. With the seemingly limitless possibilities new technologies offer businesses, prioritised expenditure in cyber-protection is a relatively small price to pay.

While companies need to manage their resources carefully, there is software that can ensure any in-house cybersecurity expert is given the support they require. By introducing defined cybersecurity policies, regular risk assessments and training courses, along with proven services and solutions, businesses must build a strong foundation in order to protect their valuable customer data, in 2020 and beyond. 

International Data Corp, Ponemon, ITProPortal, Information-Age, Security Boulevard, Data Economy

