Cybercrime is a huge threat for businesses across the globe and it is growing. Estimates suggest that, worldwide, there is a $400 billion bill left to pick up every year as a result of such crimes.
No-one is safe. The list of high profile victims –like Sony, Target, Staples, TalkTalk – serves to show the ability of those carrying out the attacks. One study in the UK estimates that 90% of large businesses suffered some form of information security breach in 2015. The techniques are sophisticated, the hackers are audacious and the consequences can be far reaching.
The cost of an attack is financial in the short term and reputational in the medium to long term, meaning it can take a long while for a company to fully recover. The Ponemon Institute, in partnership with Hewlett Packard, estimated that the average cost to an enterprise is $7.7 million – a big hole in the budget that any company can ill afford to lose.
With numbers so high, the situation is crying out for action from businesses, and no company can simply afford to sit tight and hope they won’t be targeted.
Here are some issues that every organization must consider:
Updates: All software needs updates every now and again. Updates contain the latest patches and optional solutions for problems and weaknesses that attackers might exploit.
It’s important for every company to make sure updates are made as soon as possible and technology is used to assist the delivery of this over a big scale in a short time period.
Passwords: Passwords are a weak point for many businesses. Attempts are made to replace passwords with biometrics but for now the humble – and hackable – password remains and that means businesses require password management. Companies should insist on certain standards when it comes to the choice of passwords and must insist these are regularly changed.
Training: Software and hardware are only ever as good as the people who use them. Big organizations with large workforces must make sure that every employee is fully trained to use the systems they require. Human error can easily let a hacker past your defenses, and the latest trend of ‘spear phishing’ works by trying to gain entry to a company’s system through an employee’s computer. Make sure staff understand the threats they face and how to ward them off.
Software: A specialist and sophisticated cyber threat calls for specialist and sophisticated software to combat it. When it comes to fraud management in the finance sector, for example, businesses need real-time customer-focused software that can alert them at the very earliest opportunity to a threat. Put simply, your data and reputation carry a great price so it is well worth investing money in protecting them. Software has to be able to detect and protect against the latest threats.
Encryption: Even if your system is breached, there’s no need to make it easy for attackers once they’ve overcome your defenses. Encryption is a vital way to add a further level of protection to your data. It’s the difference between criminals getting in or not getting in to your customers’ bank accounts. It’s also important in ensuring that if hardware such as phones and laptops are taken they are rendered ineffective.
These factors aren’t guaranteed to stop a cyber attack – but they should plug gaps in your arsenal. Online criminals, just as those in the real world, will happily take up an open invitation to attack if you give it to them.