Cybersecurity, or what you need to know to effectively protect your company against cyber attacks
97% of companies on the Fortune 500 list have been impacted at least once by an IT security breach! Losses incurred by attacks in cyberspace amount to billions of dollars each year! Are you sure your company is safe?
According to the PwC report entitled Managing Risks in Cyberspace, incidents such as theft of sensitive data, destruction of information stored in business applications or malfunctions caused by malicious code introduced into corporate systems generate an annual cost of $400 billion to global companies. Average global losses incurred by medium-sized companies (revenues from $100 million to $1 billion) amount to $3 million. In the case of large companies (more than $1 billion), the losses exceed $10 million.
There are no specific statistics for our country because, as PwC experts claim, the majority of Polish respondents are unable to determine the costs related to a security incident. Is your organization capable of estimating the consequences of a cyber attack that could make your website, online store or company applications partially or totally unavailable for hours, days or even weeks?
The amount of losses and scale of risk resulting from a potential cybersecurity breach have caused the issue to reach beyond IT departments. Now it is discussed at the management and supervisory board level. According to common statistics, 70% of top level managers need to make decisions related to IT security. It is an inevitable responsibility in today's world. That is why you should be prepared to discuss IT security.
Below are a few basic and unchanging facts you should learn, if you want to maximize the security of IT systems in your company.
A major IT security breach in your company is just a matter of time
Statistics leave no room for doubt here: sooner or later, every company will be affected by a hacking attack or a malfunction caused by a security breach. There is no such thing as complete security. The aim is to postpone the moment of attack and consciously minimize the losses it will cause. This can be achieved mainly through appropriate preparation and implementing emergency or hacking attack plans. You can take action on your own, by creating an in-house security department, or use a specialized vendor. Large IT companies offer a broad range of solutions in this field. They include simple automatic backup services as well as comprehensive outsourced security solutions with a fully functional backup data center, and even an alternative office available within 4-12 hours of receiving a request from the client. There are also solutions for the protection of applications, websites or online stores against DDoS attacks that cause server overloads.
IT security does not end with technology protection
It is closely linked to the physical security of the organization, human resources management and company culture. That is why issues related to cybersecurity cannot be discussed separately from the company's strategy and business processes. More and more often they also need to include communication and interpersonal relations. As long as 20 years ago, Kevin Mitnick, the world's most famous hacker, discovered that the best way to break a company's security system is to use more or less refined social engineering methods. These most often consist of identifying an employee and talking him or her into performing an activity that would reveal system passwords and safety procedures. Cybercriminals use infected attachments, fake websites and e-mail messages confusingly similar to the real ones.
Potential losses cannot be calculated
Reports developed by the largest consulting companies are full of estimates related to losses caused by security breaches. The truth is, however, that only a part of the additional costs resulting from IT security breaches can be calculated. Deterioration of company image, a mass exodus of customers and disgrace in the eyes of promising employee prospects are factors that, even though it is difficult to translate them into tangible sums of money, can be painful even to the largest companies in the world. The Sony case is a perfect example of exactly how painful all of this can be. In April 2011, hackers broke into the company's servers and downloaded personal details from 77 million PlayStation accounts that allowed users to play online. Part of the data included credit card numbers. PlayStation Network was down for almost a month. Why was Sony attacked? Most probably it was a form of revenge for Sony suing hackers who cracked the security features of PlayStation 3 and shared the information on the internet. Selected websites were blocked by DDoS attacks and to break in, the hackers used a security vulnerability called SQL Injection. It is a very common programming mistake and using it for an attack is not too complicated. It is enough to say that a security solution costs less than $10 thousand. As a result of the attack aimed at Sony PlayStation, the company's losses were estimated at tens or even millions of dollars, including decrease in revenues and profits, indemnifications, costs of service unavailability and new investments. The costs of damage to reputation incurred by a company doing business on the extremely competitive electronic entertainment market are beyond comprehension. The culprits of the attack are yet to be found.
The only person guilty of security breaches is you!
One of the reasons why senior management shows a dismissive attitude towards security issues is that they are not familiar with the law. If that were not the case, the largest Polish insurance companies would probably be facing a year of easy profits generated by members of the board in medium and large businesses present on the Polish market. Unfortunately, still too few managers know that company management and its members can be held accountable for the majority of cybersecurity breaches, whether caused on purpose or accidentally.
It is not possible to secure an entire organization equally tightly
Effective protection against security breaches always requires compromises. That is why, while developing a security system, you need to decide which elements of the IT infrastructure are the most important. Analyzing studies on the priorities of companies in the field of IT security is time well spent, too. According to data protection specialists, the list of major risks includes the use of mobile devices (45%), uncontrolled use of social media (32%), cloud computing and unintentional or negligent actions of employees.
What can you do?
If you run a business, you cannot ignore the risks resulting from cybersecurity breaches. You should be prepared for them and constantly analyze potential threats. While you can never afford to give up on control and supervision, understanding a few basic rules that govern IT security may give you the comfort of working effectively, every day.