Business Must Avoid Cyber Complacency

Across every industry, every country and every size of business, one thing is certain. The threat from cyber-attacks is growing every day. 

The amount that businesses are spending on security is also growing, with global spending on track to reach $133 billion in 2022 according to the experts at IDC. Cybersecurity was one of the biggest threats that businesses faced in 2019. The number of US and UK firms reporting a cyber-attack is ever-increasing, particularly those of an SME size.

The driving factors influencing the global industrial cybersecurity solutions market includes increasing phishing threats and malware, growing adoption of Internet of Things (IoT) and Bring Your Own Device (BYOD) in the organisations.

This is increasing demand for cloud based cyber security solutions, constant need of industry standards, complexities, and regulations for device security. With the increasing popularity of cyber security, the activities are being highly aligned and prioritised to strategic business activities to reduce the loss of IT resources. This leads to generate a huge scope of opportunities in the global industrial cyber security solutions market.

The increasing concerns over of the cyber threat to organisations has driven the demand for industrial cybersecurity solutions industry.

Small business owners are responsible for establishing and growing the business. This means they often wear more than one hat at any given time. While they are focused primarily on customers and revenue, they also serve as a jack of all trades when it comes to everything from HR to legal to marketing. 

A mistake many small businesses make is overlooking their security function. While many of the cybersecurity attacks and breaches we see across headlines happen at major enterprise organizations, the reality is cybercriminals don’t discriminate by size and the aftermath of an attack can devastate a small business.

In fact, cyberattacks on small businesses are more common than many think, with more than two-thirds (67 percent) of companies with fewer than 1,000 employees having experienced a cyberattack, and 58 percent having experienced a breach, according to a recent report by the Ponemon Institute LLC which talked to and researched approximately 1,045 individuals from companies in the United States and the United Kingdom.

“Small businesses increasingly face the same cybersecurity risks as larger companies, but only 28 percent of the companies represented in this study rate their ability to mitigate threats, vulnerabilities and attacks as highly effective”. Ponemon said in the report.

According to another report by the BBC, more than half of British firms reported cyberattacks in 2019, up 40% from 2018.

The rapid development of new communication technologies and online tools has led to more of us being more connected, and around the clock. Our lives and businesses are in many ways intertwined, with so many workers and consumers relying on personal or sensitive information to access the services they need.

The technology boom  from cloud storage to IoT devices, has brought down barriers and allowed businesses to flourish on a global scale, it has simultaneously further exposed corporate and customer data. Conseqentky thre is an even greater motivation for organisations to implement effective security protocols, with a lot more at stake than just financial results.

What Is The Threat?

Firstly, it’s good to go back to basics. Bad actors are usually attempting to accomplish one of two things: stealing information or extorting money. Understanding how each of these could play out is crucial to curtailing the threat. Information theft generally entails either the acquisition of personal (e.g. banking data) or competitive data (e.g. patents or product designs). In these breaches, bad actors often gain access to a network and quietly acquire data over months, by hijacking emails and downloading huge amounts of data.

The companies most at risk of information theft are those who store large amounts of competitive or personal data - with medical and financial data being the most in demand. But many companies don’t understand, or fail to acknowledge, the risk they face, even from storing something as commonplace as employee passwords.

The second form of attack, extorting money, has become synonymous with Russian hacker groups, wherein attackers gain access to the network, encrypt operational data like app servers and file servers, and, if they can, delete all backups.

Worryingly, 2019 UK government statistics reveal that less than a third of businesses (31 per cent) and charities (32 per cent) have carried out a cybersecurity risk assessment in the last 12 months, showing that there is huge room for improvement to ensure the right processes are put in place to protect information consistently. 

The Ponemonstudy suggets that nearly two-thirds (65 per cent) of IT security decision-makers believe their organisation is complacent about protecting its customers’ data.

Sophisticated cyber threats, coupled with a knowledge gap in the IT industry, offer reasons but not excuses for why this apparent ‘cyber-complacency’ may be happening – but growing risks demonstrate that this complacency cannot continue. As the cyber threat landscape continues to widen and cybercriminals become more skilled at manipulating others’ personal data for their own gain, implementing effective policies and security solutions will be imperative to companies preventing and responding to data breaches.

Implementing Effective Policies

Awareness is the first step in countering the threat. Companies and their leaders must acknowledge that they’re at risk, and that everyone who works at a company is a potential target and way in for hackers. Aside from educating staff on threats, and sharing new ways to authenticate logins, spotting phishing emails and the like, there is another key risk that must be addressed.

Many executives think of cyber risk more in terms of technological vulnerabilities, but it is usually the human dimension that leads to breaches.

Most at fault for security flaws, partially because they’re also the most targeted, are one particular group: The C-suite themselves. In modern business, collecting and utilising customer data has become fundamental to achieving success. Personalised email campaigns, for instance, have transformed how marketers communicate with their target audiences.

Such is the threat of finacial and reputataional damage that vigilance over data protection and cybersecurity policies will pay off in the long term.

Cyber-incidents involving the likes of British Airways and Marriot all spring to mind, with regulators handing out substantial fines as punishment. The wave of breaches during the last decade in particular has shaken customer confidence, and made consumers more aware of how and where they are sharing data.

Despite the inherent risks of being complacent with customer data, many IT security decision-makers are failing to implement effective measures to protect it from cyberattacks.

For instance, more than half (57 per cent) of businesses do not currently have a cyber security policy in place, rising to more than two-thirds (71 per cent) of medium-sized businesses (250 to 549 employees).

Protocols that are unfortunately not being implemented as widely as they should be include information security policies, incident response (IR) policies and disaster recovery policies. In addition, just four-in-ten (41 per cent) businesses surveyed believe their organisation is protected with robust endpoint security.

Constantly Aware Of Data Protection

Harnessing data effectively creates opportunities and drives further growth. But organisations need to stay on top of keeping it secure, as there is a consensus amongst cybersecurity professionals that a cyberattack is always just around the corner in their business. A study has revealed that 84 per cent of chief information security officers believe a cyberattack is inevitable.

This feeling has been put down to the digital, always-online culture that businesses rely on to operate successfully and meet customer needs. So, considering that cyber threats are now not a matter of ‘if’ but ‘when’, it has become an imperative to properly protect data. The concerns over complacency and the inevitability of an attack can easily be remedied. Though cyber threats are constantly evolving to break through security solutions, regular assessments are one of the simplest yet most effective ways to stay on top and adopt crucial prevention techniques.

IT decision-makers will have more confidence in policies that are up to date, whilst their chances of spotting and foiling an attack that may well breach a company’s customer data will be improved.

Avoiding Cyber-Complacency

If businesses can ensure their cyber-safety now, this will have a substantial impact on their future, helping them mitigate the risk of compromising sensitive information and suffering data breaches.Running regular in-depth analysis into a company’s cybersecurity approach and systems alongside a strong, robust endpoint security solution is an effective way of doing this.

It’s important for businesses to carry out assessments every six months so that company security protocols are always up-to-date to deal with the latest cyber threats.

Of course, cost and ROI are important factors when budgeting in any department, but investment in cybersecurity protection and policies often outweighs the potential losses a data breach could incur.

What’s more, financial penalties from regulators and a dip in customer confidence could well cripple any organisation. With the seemingly limitless possibilities new technologies offer businesses, prioritised expenditure in cyber-protection is a relatively small price to pay.

While companies need to manage their resources carefully, there is software that can ensure any in-house cybersecurity expert is given the support they require. By introducing defined cybersecurity policies, regular risk assessments and training courses, along with proven services and solutions, businesses must build a strong foundation in order to protect their valuable customer data, in 2020 and beyond. 

International Data Corp:    Ponemon:   ITProPortal:     Information-Age:       Security Boulevard:     Data Economy


You Might Also Read: 

Five Risks That Will Define Cyber Security In 2020:

Has The US Become Complacent About Resisting Cyber Attacks?:

 

 

 

« Can AI Replace Your Job?
Boot Camp Lessons In Cyber Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Caldew Consulting

Caldew Consulting

Caldew specialise in providing information assurance and cyber security consultancy, covering the full spectrum of the security life cycle.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

Golden Frog

Golden Frog

Golden Frog is a Virtual Private Network services provider offering secure encrypted access to the internet.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

GitGuardian

GitGuardian

Enable developers, ops, security and compliance professionals to enforce security policies across public and private code, and other data sources as well

StackHawk

StackHawk

StackHawk is built to help dev teams ship secure code. Find and fix bugs early before they become vulnerabilities in production.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Enea

Enea

Enea is one of the world’s leading specialists in software for telecommunications and cybersecurity. Our products are used to enable services for mobile subscribers, enterprise customers and IoT.

Valency Networks

Valency Networks

Valency Networks provide cutting edge results in the areas of Vulnerability Assessment and Penetration Testing services for webapps, cloud apps, mobile apps and IT networks.

Narf Industries

Narf Industries

Narf Industries are a small group of reverse engineers, vulnerability researchers and tool developers that specialize in tailored solutions for government and large enterprises.

Tenable

Tenable

Organizations around the world rely on Tenable to help them understand and reduce cybersecurity risk across their attack surface—in the cloud or on-premises, from IT to OT and beyond.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

Complete Cyber

Complete Cyber

Complete Cyber provide professional cybersecurity services and products to help secure your infrastructure, systems and data.

Liquid C2

Liquid C2

Liquid C2 offers leading solutions to streamline workplace operations, secure cloud storage, rapid data recovery, and scale growth.