Cybersecurity risk is increasing, driven by global connectivity and usage of cloud services, like Amazon Web Services, to store sensitive data and personal information. Widespread poor configuration of cloud services paired with increasingly sophisticated cyber criminals means the risk that your organization suffers from a successful cyber attack or data breach is on the rise.
Gone are the days of simple firewalls and antivirus software being your sole security measures. Business leaders can no longer leave information security to cybersecurity professionals.
Cyber threats can come from any level of your organization. You must educate your staff about simple social engineering scams like phishing and more sophisticated cybersecurity attacks like ransomware attacks (think WannaCry) or other malware designed to steal intellectual property or personal data.
GDPR and other laws mean that cybersecurity is no longer something businesses of any size can ignore. Security incidents regularly affect businesses of all sizes and often make the front page, causing irreversible reputational damage to the companies involved.
If you are not yet worried about cybersecurity, you should be.
What is cybersecurity?
Cybersecurity is the state or process of protecting and recovering computer systems, networks, devices, and programs from any type of cyber attack. Cyber attacks are an increasingly sophisticated and evolving danger to your sensitive data, as attackers employ new methods powered by social engineering and artificial intelligence to circumvent traditional security controls.
The fact of the matter is the world is increasingly reliant on technology and this reliance will continue as we introduce the next generation of smart Internet-enabled devices that have access to our networks via Bluetooth and Wi-Fi.
The importance of cybersecurity
Cybersecurity’s importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like social security numbers, credit card information and bank account details is now stored in cloud storage services like Dropbox or Google Drive.
The fact of the matter is whether you are an individual, small business or large multinational, you rely on computer systems every day. Pair this with the rise in cloud services, poor cloud service security, smartphones and the Internet of Things (IoT) and we have a myriad of cybersecurity threats that didn’t exist a few decades ago. We need to understand the difference between cybersecurity and information security, even though the skillsets are becoming more similar.
Governments around the world are bringing more attention to cybercrimes. GDPR is a great example. It has increased the reputational damage of data breaches by forcing all organizations that operate in the EU to:
- Communicate data breaches
- Appoint a data-protection officer
- Require user consent to process information
- Anonymize data for privacy
The trend towards public disclosure is not limited to Europe. While there are no national laws overseeing data breach disclosure in the United States, there are data breach laws in all 50 states. Commonalities include:
- A requirement to notify those affected as soon as possible
- A requirement to let the government know as soon as possible
- A requirement to pay some sort of fine
California was the first state to regulate data breach disclosures in 2003, requiring persons or businesses to notify those affected “without reasonable delay” and “immediately following discovery”. Victims can sue for up to $750 and companies can be fined up to $7,500 per victim.
This has driven standards boards like the National Institute of Standards and Technology (NIST) to release frameworks to help organizations understand their security risks, improve cybersecurity measures and prevent cyber attacks.
What is the impact of cybercrime?
A lack of focus on cybersecurity can damage your business in a range of ways, including:
- Economic costs: Theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems.
- Reputational costs: Loss of consumer trust, loss of current and future customers to competitors and poor media coverage.
- Regulatory costs: GDPR and other data breach laws mean that your organization could suffer from regulatory fines or sanctions as a result of cybercrimes.
All businesses, regardless of size, must ensure all staff understand cybersecurity threats and how to mitigate them. This should include regular training and a framework to work with that aims to reduce the risk of data leaks or data breaches.
Given the nature of cybercrime and how difficult it can be to detect, it is difficult to understand the direct and indirect costs of many security breaches. This doesn’t mean the reputational damage of even a small data breach or other security event is not large. If anything, consumers expect increasingly sophisticated cybersecurity measures as time goes on.