Business Must Avoid Cyber Complacency

Uploaded on 2020-03-23 in FREE TO VIEW, NEWS-Cybersecurity News

Across every industry, every country and every size of business, one thing is certain. The threat from cyber-attacks is growing every day. 

The amount that businesses are spending on security is also growing, with global spending on track to reach $133 billion in 2022 according to the experts at IDC. Cybersecurity was one of the biggest threats that businesses faced in 2019. The number of US and UK firms reporting a cyber-attack is ever-increasing, particularly those of an SME size.

The driving factors influencing the global industrial cybersecurity solutions market includes increasing phishing threats and malware, growing adoption of Internet of Things (IoT) and Bring Your Own Device (BYOD) in the organisations.

This is increasing demand for cloud based cyber security solutions, constant need of industry standards, complexities, and regulations for device security. With the increasing popularity of cyber security, the activities are being highly aligned and prioritised to strategic business activities to reduce the loss of IT resources. This leads to generate a huge scope of opportunities in the global industrial cyber security solutions market.

The increasing concerns over of the cyber threat to organisations has driven the demand for industrial cybersecurity solutions industry.

Small business owners are responsible for establishing and growing the business. This means they often wear more than one hat at any given time. While they are focused primarily on customers and revenue, they also serve as a jack of all trades when it comes to everything from HR to legal to marketing. 

A mistake many small businesses make is overlooking their security function. While many of the cybersecurity attacks and breaches we see across headlines happen at major enterprise organizations, the reality is cybercriminals don’t discriminate by size and the aftermath of an attack can devastate a small business.

In fact, cyberattacks on small businesses are more common than many think, with more than two-thirds (67 percent) of companies with fewer than 1,000 employees having experienced a cyberattack, and 58 percent having experienced a breach, according to a recent report by the Ponemon Institute LLC which talked to and researched approximately 1,045 individuals from companies in the United States and the United Kingdom.

“Small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent of the companies represented in this study rate their ability to mitigate threats, vulnerabilities and attacks as highly effective”. Ponemon said in the report.

According to another report by the BBC, more than half of British firms reported cyberattacks in 2019, up 40% from 2018.

The rapid development of new communication technologies and online tools has led to more of us being more connected, and around the clock. Our lives and businesses are in many ways intertwined, with so many workers and consumers relying on personal or sensitive information to access the services they need.

The technology boom  from cloud storage to IoT devices, has brought down barriers and allowed businesses to flourish on a global scale, it has simultaneously further exposed corporate and customer data. Conseqentky thre is an even greater motivation for organisations to implement effective security protocols, with a lot more at stake than just financial results.

What Is The Threat?

Firstly, it’s good to go back to basics. Bad actors are usually attempting to accomplish one of two things: stealing information or extorting money. Understanding how each of these could play out is crucial to curtailing the threat. Information theft generally entails either the acquisition of personal (e.g. banking data) or competitive data (e.g. patents or product designs). In these breaches, bad actors often gain access to a network and quietly acquire data over months, by hijacking emails and downloading huge amounts of data.

The companies most at risk of information theft are those who store large amounts of competitive or personal data - with medical and financial data being the most in demand. But many companies don’t understand, or fail to acknowledge, the risk they face, even from storing something as commonplace as employee passwords.

The second form of attack, extorting money, has become synonymous with Russian hacker groups, wherein attackers gain access to the network, encrypt operational data like app servers and file servers, and, if they can, delete all backups.

Worryingly, 2019 UK government statistics reveal that less than a third of businesses (31 per cent) and charities (32 per cent) have carried out a cybersecurity risk assessment in the last 12 months, showing that there is huge room for improvement to ensure the right processes are put in place to protect information consistently. 

The Ponemonstudy suggets that nearly two-thirds (65 per cent) of IT security decision-makers believe their organisation is complacent about protecting its customers’ data.

Sophisticated cyber threats, coupled with a knowledge gap in the IT industry, offer reasons but not excuses for why this apparent ‘cyber-complacency’ may be happening – but growing risks demonstrate that this complacency cannot continue. As the cyber threat landscape continues to widen and cybercriminals become more skilled at manipulating others’ personal data for their own gain, implementing effective policies and security solutions will be imperative to companies preventing and responding to data breaches.

Implementing Effective Policies

Awareness is the first step in countering the threat. Companies and their leaders must acknowledge that they’re at risk, and that everyone who works at a company is a potential target and way in for hackers. Aside from educating staff on threats, and sharing new ways to authenticate logins, spotting phishing emails and the like, there is another key risk that must be addressed.

Many executives think of cyber risk more in terms of technological vulnerabilities, but it is usually the human dimension that leads to breaches.

Most at fault for security flaws, partially because they’re also the most targeted, are one particular group: The C-suite themselves. In modern business, collecting and utilising customer data has become fundamental to achieving success. Personalised email campaigns, for instance, have transformed how marketers communicate with their target audiences.

Such is the threat of finacial and reputataional damage that vigilance over data protection and cybersecurity policies will pay off in the long term.

Cyber-incidents involving the likes of British Airways and Marriot all spring to mind, with regulators handing out substantial fines as punishment. The wave of breaches during the last decade in particular has shaken customer confidence, and made consumers more aware of how and where they are sharing data.

Despite the inherent risks of being complacent with customer data, many IT security decision-makers are failing to implement effective measures to protect it from cyberattacks.

For instance, more than half (57 per cent) of businesses do not currently have a cyber security policy in place, rising to more than two-thirds (71 per cent) of medium-sized businesses (250 to 549 employees).

Protocols that are unfortunately not being implemented as widely as they should be include information security policies, incident response (IR) policies and disaster recovery policies. In addition, just four-in-ten (41 per cent) businesses surveyed believe their organisation is protected with robust endpoint security.

Constantly Aware Of Data Protection

Harnessing data effectively creates opportunities and drives further growth. But organisations need to stay on top of keeping it secure, as there is a consensus amongst cybersecurity professionals that a cyberattack is always just around the corner in their business. A study has revealed that 84 per cent of chief information security officers believe a cyberattack is inevitable.

This feeling has been put down to the digital, always-online culture that businesses rely on to operate successfully and meet customer needs. So, considering that cyber threats are now not a matter of ‘if’ but ‘when’, it has become an imperative to properly protect data. The concerns over complacency and the inevitability of an attack can easily be remedied. Though cyber threats are constantly evolving to break through security solutions, regular assessments are one of the simplest yet most effective ways to stay on top and adopt crucial prevention techniques.

IT decision-makers will have more confidence in policies that are up to date, whilst their chances of spotting and foiling an attack that may well breach a company’s customer data will be improved.

Avoiding Cyber-Complacency

If businesses can ensure their cyber-safety now, this will have a substantial impact on their future, helping them mitigate the risk of compromising sensitive information and suffering data breaches.Running regular in-depth analysis into a company’s cybersecurity approach and systems alongside a strong, robust endpoint security solution is an effective way of doing this.

It’s important for businesses to carry out assessments every six months so that company security protocols are always up-to-date to deal with the latest cyber threats.

Of course, cost and ROI are important factors when budgeting in any department, but investment in cybersecurity protection and policies often outweighs the potential losses a data breach could incur.

What’s more, financial penalties from regulators and a dip in customer confidence could well cripple any organisation. With the seemingly limitless possibilities new technologies offer businesses, prioritised expenditure in cyber-protection is a relatively small price to pay.

While companies need to manage their resources carefully, there is software that can ensure any in-house cybersecurity expert is given the support they require. By introducing defined cybersecurity policies, regular risk assessments and training courses, along with proven services and solutions, businesses must build a strong foundation in order to protect their valuable customer data, in 2020 and beyond. 

International Data Corp:    Ponemon:   ITProPortal:     Information-Age:       Security Boulevard:     Data Economy


You Might Also Read: 

Five Risks That Will Define Cyber Security In 2020:

Has The US Become Complacent About Resisting Cyber Attacks?:

 

 

 

« Can AI Replace Your Job?
Boot Camp Lessons In Cyber Security »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyfirma

Cyfirma

CYFIRMA offers Cyber threat visibility and intelligence suite and services aimed at keeping your organization’s cybersecurity posture up-to-date.

DAkkS

DAkkS

DAkkS is the national accreditation body for Germany. The directory of members provides details of organisations offering certification services for ISO 27001.

NewGens

NewGens

NewGens is a solution and service provider to banking institutions in the APAC region. Areas of expertise include cybersecurity, AML, fruad prevention, compliance and risk management.

OXO Cybersecurity Lab

OXO Cybersecurity Lab

OXO Cybersecurity Lab is the first dedicated cybersecurity incubator in the Central & Eastern Europe region.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

Cyber Range Solutions (CRS)

Cyber Range Solutions (CRS)

CRS provides cyber security training and improve security team performance by providing a hyper realistic, virtual training environment.

Sunartek Labs

Sunartek Labs

Sunartek are equipped with expert resources and advanced technology to identify cyber threats and prevent any breach, bypassing the security network of your organization.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

Oligo Security

Oligo Security

Oligo aims to streamline the usage of open source by making it secure and easy to protect. Through focusing developers on the relevant vulnerabilities we make the fixing process significantly shorter.

Bleach Cyber

Bleach Cyber

Bleach Cyber helps small businesses with an affordable and user-friendly solution for managing cloud security.

Dynamic Networks

Dynamic Networks

Dynamic Networks provide Managed Cloud Services; Unified Communications; Security & Compliance Services and Network & Infrastructure Services for both Public Sector and Private sector businesses.

NVISO Security

NVISO Security

NVISO is a pure-play cyber security consulting firm, focused mainly on the Financial Sector, the Technology Sector, and Government & Critical Infrastructure.

NetSfere

NetSfere

NetSfere provides next-generation messaging and mobility solutions to carriers and enterprises globally including its enterprise-grade, secure mobile messaging platform NetSfere Enterprise.

Cyber Grant

Cyber Grant

Cyber Grant excel in designing cybersecurity solutions for data protection. Our approach and vision, centered on ease-of-use, establish us as a benchmark in the industry for safeguarding information.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.