Cybersecurity – You are Under Attack and Need to Take Action – NOW!
Cybersecurity is an issue that needs to be brought front and center now in light of the impact it has on the life and health of your business.
Let us try to cover the subject in a number of entries, starting here:
- What is cybersecurity?
- How important is it and why?
- Whom does it affect?
- Why should you care?
Later, we will get into what you can do, who is there to help, the standards you need to meet and at what cost.
What is Cybersecurity?
As outlined above, let us start with what cybersecurity is, so we know what we are talking about. TechTarget, a popular tech web site, gives this definition:
“Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access, ultimately for the purpose of extorting money.”
Note: When you hear the term security referring to the world of computers, networks, etc., first and foremost it means cybersecurity, then physical security, and infrastructure security.
The cybersecurity technologies used to help protect computers and systems from attack include quite a range of hardware and software. In addition, you will need to have policies and training in place so all your staff – not just the computer people – understand and abide by practices that help keep hostile parties from compromising your computer systems. Hostile parties whose goal it is to compromise computer systems, known as cyber-attackers, can cause losses such as:
- stolen confidential information, such as customer credit card numbers
- network interruption or shut down by flooding the network with traffic (denial-of-service attack)
- stopped or damaged industrial equipment
How do they get in?
Attackers gain access in a variety of ways, each of which exploits a vulnerability somewhere in the system. It could be through an outdated piece of hardware that does not have the capability to be made secure. It could be through software that has not been updated or has not been configured for best security. On the other hand, it could be through guessing a user’s login information or through a piece of malware stored on an unsuspecting user’s USB memory device.
To provide cybersecurity to a system, all aspects of the system must be dealt with to reduce vulnerabilities, including:
Moreover, if an attack happens, you will need to have plans in place for recovering from such a disaster and continuing to run your business.
Cybersecurity risks tend to be moving targets. New methods of attack may arise at any time. To deal with this, you are best off if you make your system as secure as it can reasonably be made. In addition, experts recommend constant monitoring and ongoing risk assessment to deal with current and emerging threats.
Is cyber-attack really a threat?
Is cybersecurity really that important? Businesses and government agencies know it is. The proposed federal budget for fiscal 2016 includes $14 billion to fund cybersecurity efforts aimed at protecting federal and private networks from cyber threats.
Check in later as we continue to answer the questions posed at the beginning of this blog.
Cybersecurity – Less Expensive than the Costs of a Successful Attack
In the previous blog post, we covered what cybersecurity is and began to cover why it is so important to address. Here we present some statistics, admittedly dry, but which reveal the magnitude of the problem. Quoting from the NetDiligence Cyber Claims 2014 Study, which analyzes actual insurance claim data:
- PII (Personally Identifiable Information) was the most frequently exposed data (41% of breaches), followed by PHI (Private Health Information) (21%) and PCI (Payment Card Information) (19%).
- Hackers were the most frequent cause of loss (30%), followed by Staff Mistakes (14%).
- Healthcare was the sector most frequently breached (23%), followed closely by Financial Services (22%).
- Small-Revenue ($300M-$2B), Micro-Revenue ($50M-$300M) and Nano-Revenue (< $50M) companies experienced the most incidents (25%, 24% and 23% respectively). [So if you think you are too small for hacker interest, you are wrong; you, the small business, account for 23% of all incidents.]
- Third parties accounted for 20% of the claims submitted.
- There was insider involvement in 32% of the claims submitted.
- The median number of records lost was 3,500. The average number of records lost was 2.4 million.
- Non-zero claim payouts in this year’s study ranged from $600 to almost $6.5 million. Typical claims, however, ranged from $30,000 to $400,000.
- The median claim payout was $144,000. The average claim payout was $733,109. The average claim payout for a large company was $2.9 million, while the average payout in the Healthcare sector was $1.3 million.
- The median per-record cost was $19.84. The average per record cost was $956.21. The median cost for legal defense was $283,300. The average cost for legal defense was $698,797.
- The median cost for legal settlement was $150,000. The average cost for legal settlement was $558,520. The median number of records lost was 3,500. The average number of records lost was 2.4 million.
- The median cost for Crisis Services (forensics, notification, legal guidance and miscellaneous other) was $110,594. The average cost for Crisis Services was $366,484.
(And we haven’t even begun to address the embarrassment, loss of reputation and goodwill, lost sales, lost jobs, bad press, lost time in recovery, etc. Remember the Home Depot and Target cyber-attacks and all the bad press that followed?)
We hope you now have a good idea how and why cybersecurity is so important!