In the past five years, the cyber security environment has changed drastically – not for the better, but for the worse. The number of cyber security breaches has been increasing exponentially with each passing year, and 2016 is no exception. To steal a line from Fortinet global security strategist Derek Manky, "In the coming year, hackers will launch increasingly sophisticated attacks on everything from critical infrastructure to medical devices."
Despite this looming threat of a potential cyber security breach, most organisations remain unfazed. Does your organisation fall into this category? Chances are, it most probably does. After all, according to the annual Global Threat Intelligence Report (GTIR) this year, about 77% of organisations are unprepared for a cyber attack.
Understandably, maintaining company profits and growth is at the forefront of your mind. However, neglecting the potential cyber security issues could also cost your organisation huge losses. Still feeling cynical? Here are four compelling reasons that will hopefully get you to make cyber security a business priority.
1. Security breaches are becoming increasingly common and costly
Data breaches have always been a cause of concern for organisations, but it is only in recent years that this issue has entered the limelight. Why so? Businesses of all sizes have become increasingly reliant on digital data, and yet most of these companies have not put in place sufficient security measures to keep cyber criminals at bay. On the other hand, hackers are extremely willing to develop stealthier, more sophisticated methods to access confidential company data. As a result of this asymmetric threat environment, there has been an exponential increase in security breaches, and a far greater impact on these companies than before.
The numbers speak for themselves. According to a study by PwC in 2015, almost 90% of large organisations reported that they had suffered a security breach in that year, up from 81% in 2014. The financial impact of these breaches has also increased. Taking into account business disruption, lost sales, recovery of assets, fines and compensation, the average loss for a large company (one with more than 500 employees) ranged from £1.46 million to £3.14 million. Smaller companies didn't fare much better either, with losses amounting to as much as £311,000! (And these are only the ones that have been reported!)
If you didn't think cyber security was an important issue, you might want to think twice now.
2. Phishing scams are nastier than ever
Over the years, phishing attacks have become extremely well-crafted and sophisticated. While some scam emails can be easily spotted by their absurd references to Nigerian princes, or their poorly written requests for a bank transfer via Western Union, phishing methods nowadays are no longer so simplistic.
These days, hackers have been known to design pages and messages to look exactly like the ones you would receive from a legitimate organisation – from the email address to the logo and content. The level of dedication these cyber criminals invest in their craft is almost admirable – if not for the fact that they are trying to steal valuable information from your company. Just look at the image below!
Just a single click from any of these countless emails sent to unwitting employees will allow cyber criminals to gain entry into your networks to compromise infrastructure and infiltrate your data – potentially causing millions in financial damages. The human factor is crucial in the upkeep of your organisation's cyber security – so be sure to also educate your employees, no matter how strong your security systems may be!
3. A necessary evil: Bring Your Own Devices (BYODs)
In today's world, the use of smartphones, tablets and personal laptops is ubiquitous, and this has in turn led to a trend of organisations embracing BYODs in the office. Of course, it isn't difficult to see why. For employees, being able to use a device of their own choosing means happier and more productive users. For employers, BYODs could bring large potential cost savings because they save on corporate phones, computer repairs and so on. Seems like a winning combination, doesn't it?
While BYODs may bring cost effectiveness and efficiency to the organisation, there are also many hidden security issues. Innocuous as they may seem, BYODs are frequently cited by security experts as one of the top cyber security threats to organisations!
Because personal devices are able to bypass filters and security systems typically applied to corporate devices, they are extremely vulnerable to malware. By targeting BYODs, cyber criminals can easily infiltrate the organisation's data systems through phishing, or even by hacking into employees' accounts directly. Even worse, when data breaches do occur on unmanaged BYODs, the scope and source of the data breach cannot be assessed. Without any chance of forensic investigation, organisations are unable to find out how an incident occurred, and this means that no measures can be put in place to prevent a similar situation from recurring.
While it is not possible to lock down BYODs like corporate devices due to personal privacy barriers, all hope is not lost. By involving security experts to formulate and implement BYOD security policies, or build restrictions into the organisation's network, the risks that BYODs pose can be mitigated.
4. Cloud computing breaches - the stuff IT nightmares are made of
With the promise of scalability, mobility and a pay-per-use model, cloud computing is an extremely popular option amongst companies of all sizes. Your organisation is probably no exception. However, data security is a major concern when it comes to the cloud. Its multi-tenant environment and shared infrastructure make it risky. If cyber criminals are able to hack into the systems of cloud providers, they would have hit the "hacking jackpot" – the databases of countless companies may all fall into the hands of cyber criminals. (You can learn more about the dangers that organisations face on the cloud here.)
Although most cloud providers have stringent security measures to prevent such a situation from arising, one must take note that cyber criminals are constantly improving their craft and employing increasingly sophisticated methods as well. If your business is using or considering migrating to the cloud, your organisation should definitely get to know your service provider as thoroughly as possible, both from a company and an end-to-end perspective.
In today's world, falling behind on cyber security is one of the biggest risks businesses face. Yet, most companies still fail to make cyber security a business priority. Warding off cyber criminals is indeed a formidable challenge, but it is nevertheless important to have a response plan put in place. What solutions does your organisation have in place?