Cyber security breaches at your business come from a place you may least expect
October is National Cyber Security Awareness Month. For the past 15 years, the goal of this annual initiative is to raise awareness about the importance of cyber security.
In recent years, cyber risk has come out of the server rooms and into the boardrooms. That is a good thing. Cyber risk should be a priority for those in leadership roles in the organization, not just the IT professionals.
The data is clear that most businesses are at-risk for some cybercrime. In a Thales eSecurity 2018 Data Threat Report, it was found that 71 percent of 1,200 United States enterprises admitted to at least one data breach. Worldwide the numbers are slightly lower, with 67 percent of respondents reporting they had at least one successful attack.
The numbers are increasing for companies reporting breaches, but it is unclear if attacks are increasing, or if newer regulations which mandate globally organizations report successful attacks are increasing.
Successful cyber attacks affect the bottom line. The average cost of a data breach is $3.62 million. Though the average cost has declined by 10 percent in 2017 according to the Ponemon Institute which conducts independent research on privacy, data protection and information security policy, the number of compromised records per breach increased.
That said, even with companies spending about 79 percent more on increased IT security spending, it seems that the data breaches are not slowing down.
On average, it takes 191 days for companies to identify a successful attack. Add in the average time of 66 days needed to contain the breach that affects an organization’s reputation and resources.
Having systems in place is essential. In the Third Annual Study on the Cyber Resilient Organization conducted by the Ponemon Institute for IBM Resilient, 77 percent of the IT professionals surveyed shared that their organizations do not have a formal cyber security incident response plan. And 26 percent only have an ad-hoc process in place.
Despite the heightened concerns over cyber security, organizations do not have the basic cyber hygiene in place.
In the annual IBM Cyber Security Intelligence Index, they found that 95 percent of all cyber security incidents came down to human error meaning users clicked on links in emails enabling viruses or fell victim to phishing scams.
What does that mean for organizations attempting to navigate this cyber threat landscape?
It is back to basics by practicing good cyber hygiene to keep your organization safe. It is a company-wide effort. On-going cyber training is vital. It keeps everyone disciplined and aware.
There are some common mistakes people make that causes them to be open to cyber attacks. Caution them against doing the following:
▪ Sharing passwords with co-workers
▪ Having the same password for everything online
▪ Using obvious passwords like birth date, kids’ names, or “password,” etc.
▪ Storing passwords within reach of the computer like under the keyboard or on a sticky note on the monitor.
▪ Misplacing unencrypted USB drives
▪ Neglecting to report a lost smartphone, tablet or laptop
▪ Discussing sensitive information with “clients” without verifying their identity over email.
▪ Leaving documents containing sensitive information on desks
These may seem obvious, but most people are guilty of at least one of them. And that’s enough to open the door to successful cyber crime.
With a combination of technology, systems, and employee training, organizations can make it harder on the cyber bad guys to gain access to data.
This column was originally published in the Lexington Herald-Leader on October 26, 2018, and nationally distributed to over 300 media outlets through the Tribune Content Agency.