Hardly a day goes by in the current news cycle without some new cyber-security story breaking. The end of 2016 included a disclosure of 500 million hacked Yahoo! email accounts, concerns raised over the security of U.S. election systems, and a formal announcement by the U.S. government that Russians had hacked into the emails of the Democratic National Committee and the New York Times. A Report from industry experts this past month pegged the expected value of cybercrime in 2021 at $6 TRILLION a year.
Scope & Fear Keep Businesses Stationary In Actually Protecting Their Data
Issues of cyber security can seem overwhelming for many US companies, both large and small. Both the methods of attack and the identity of potential attackers seem too numerous to list. The resulting liabilities from a bad decision can seem catastrophic. In the face of all of this, too many people either focus on small picture solutions or bury their head in the sand.
Training Staff Can Be Small Steps Toward A Goal
While small steps such as training employees to avoid social engineering scams can help save companies a lot of money, those organizations who wish to stay ahead of the curve need to begin by asking themselves where their true cyber risks and exposures lay.
What Type(s) Of Data IS Most At Risk?
Most people will immediately think of hackers gaining access to credit card or banking information when they think of the risks of data theft. Granted, this type of financial information is often the subject of cybercriminals. Yet the cost per record of these type of breaches have remained low (though still in the millions of dollars in total in some cases given the extent of breaches).
Hackers Focus Not Just Payment Information, But Information That Pays Off
Instead, hackers increasingly target intellectual property: proprietary information or algorithms, trade secrets, patents, etc. The loss of competitive advantage can cost a company far more than a personal information breach, yet companies continue to move this information onto cloud storage systems and on networks connected to the internet without sufficient thought to the risks involved.
Additionally, a company’s most important cyber asset
from the perspective of a cybercriminal may not be
intellectual property or personal information
but something way simpler and easier to overlook:
access to a more valuable network.
Breaches That Lead To Bigger Paydays
For example, the Target data breach that cost the company $252 million ($105 million after insurance reimbursements and tax deductions) occurred because a third party vendor used to repair HVAC systems was granted access to Target’s systems. The HVAC vendor themselves offered little value to the hackers but by breaching the vendor’s system they were able to “island hop” onto Target’s network and steal the personal information of millions of Target customers.
As another example, the breach of JPMorgan Chase occurred using a similar tactic through a running charity operated by the financial company.
Where Should Your Business Focus Their Cyber Security Efforts?
Taking the time to step back and identify your biggest assets and the risks to those assets is step one to crafting a cost-effective approach to cyber security that increases your company’s value and gives you a competitive advantage over the competition.
Once you’ve done that, you can start building the safeguards and systems to protect you from your largest exposures.