When dealing with a cybersecurity breach, it can feel like the sky is falling. In a sense it is.
In 2019, the average cost of a single data breach was $3.92 million. This can include downtime, the cost to restore data, loss of business and customer confidence, fines and other related charges.
According to multiple authorities and security providers such as Aruba, Cisco and Palo Alto, as well as research conducted by institutions such as the University of Maryland, in North America alone, there are over 1,000,000 cyber attacks each and every day of the year. And malware attacks have increased 350% in the past year – and the numbers continue to climb as people continue to work remotely.
Even a small attack can set a business back and cost precious time, money and resources. Security companies predict that today’s rapidly evolving technologies, and adoption of new applications, will result in a new “boom” of cyber-attacks.
For example, attacks on collaboration platforms alone have increased by 300% since February 2020. Although major corporate breaches make headlines, nearly half of breach victims are smaller organisations – and the impact on these businesses is usually greater, because they often have fewer resources with which to recover and rally.
For companies of all sizes, having to deal with legacy systems compounds the problem. Introducing new applications, adding new endpoints and other hardware, making it possible for employees and other stakeholders to connect remotely, and otherwise increasing demands on the network, opens you up to vulnerabilities in multiple areas.
A July 2019 study conducted by the Ponemon Institute shows that 57% of breach victims indicated they had been aware of a network security issue but that it had not been addressed prior to the attack.
One of the challenges for IT professionals can be convincing senior management that security investments are an important component of fiscal responsibility. Something that has worked well for some clients: Calculate how much revenue would be lost if the company were to halt operations for five days. Now, add in the fines levied in your region for data privacy breaches. Although this figure will only represent a portion of the dollars at risk from a data breach, it is usually a scary enough sum to prompt a loosening of IT budgets.
The same Ponemon Institute study suggests that over half of IT leaders don’t know how well their security is operating. For this reason, it is advisable to hire an outside expert to conduct a security assessment at least once a year. This will give you a list of where you are vulnerable, Firms are also advised to consult their network and other business insurance requirements – for some types of businesses, the insurance is not valid if a network security audit is not completed every 3 – 6 months.
Once you are confident your network is secure, it is a good idea to conduct a penetration test, too. This is when an expert will attempt to breach your network using a combination of remote white hacking and social engineering. 99% of malware is delivered via email, with spoof emails appearing to come from the company’s HR department getting the highest open rates. USB keys, charging cables and other such “gifts”, can also impact the payload. We combine multiple approaches, with various levels of escalation, when conducting pen-testing. The results usually surprise (read “shock”) our clients.
As the world upgrades its platforms to accommodate the “new normal”, it is imperative to consider the security implications of these changes.
Please contact us to learn more about conducting a security/system vulnerability assessment or penetration testing. In the meantime, ensure you back up everything and ensure your disaster recovery plans and protocols are in place.
.webp)