In September 2016, the tech company Yahoo disclosed that 500 million user accounts had been hacked in 2014. In December of the same year, it released a statement saying that a separate breach in 2013 compromised more than 1 billion accounts.
Security experts have criticized the former internet giant for not taking the necessary steps towards cyber security, and as a result, the company’s revenue and profits have fallen steadily in the last couple of years.
Just like Yahoo, any business is a potential target of cybercrime. The majority of companies worldwide—90% of them to be exact—realize this, but feel that they are “insufficiently prepared to protect themselves against [cyber attacks].”
Fortunately, the battle against security breaches is not a losing one. Aside from getting security advice from IT support companies, you can also check out this visual guide to cyber risks to help your business be better prepared against them.
Cost of Neglecting Cyber Security
- Cybercrime is the second most reported economic crime, affecting 32% of organizations around the world.
- Cybercrime costs the global economy over US$400 billion per year.
- In 2013, some 3,000 companies in the United States had their systems compromised by criminals.
- Cybercrime damage costs are expected to hit $6 trillion annually by 2021.
- According to a report by internet security firm Symantec, the total number of data breaches has gone up from 253 in 2013, to 312 in 2014, to 318 in 2015.
Top Cyber Security Risks to Businesses
1. Innovation without a security posture
Business innovation improves efficiency and the bottom line. However, it also often leads to higher cybercrime risks. Before engaging in new business opportunities and changes in operations, assess potential security risks first to improve security posture.
2. Absence of information management policies
Only 39% of companies have information management policies in place, and those without often suffer costly cyber attacks. Information management should include backup and recovery, archiving, and encryption processes.
3. Lack of information governance practices
Fewer than 30% of organizations have information governance practices. Every business must know what information it has, where it is, and how valuable it is, and then establish policies for its protection.
4. Allowing removable media
Controlling and even limiting the use of removable media such as USB flash drives and external hard drives for the import and export of information is essential.
5. Insufficient application security controls
Companies must ensure the necessary security is built into the applications, and vulnerabilities are addressed before launching customer-facing software. Controls such as penetration testing, security patch management, and dynamic and static scanning must be in place.
6. Lack of a cyber incident response plan
Only 37% of organizations have a cyber incident response plan. Employees must oversee how data flows through the system and be equipped to take action against potential cyber attacks immediately.
7. Employing a bring your own device (BYOD) policy
BYOD accounts for 72% of data leakage/loss, 56% of unauthorized access to company data and systems, 54% of unsafe apps downloaded, and 52% of malware.
8. Inadequate malware protection
Businesses should not only have policies that cover email, web browsing, and the use of personal devices but also install antivirus software and regularly scan for malware.
9. Third-party risk
Many breaches in recent years happened via third-party vendors. Organizations can reduce the risk by conducting audits of suppliers’ data protection practices.
10. Not employing SIEM
Companies that deploy security information and event management (SIEM), with features like real-time monitoring and correlation to detect critical and unknown threats, can cut costs caused by cybercrime.
11. Lack of knowledge and preparation against common attacks
The top 5 cyber security threats expected to become most prevalent in the next 3 years are:
- Zero-Day Attacks (49%): Targeting system vulnerabilities yet to be discovered or patched.
- Cloud-Data Leakage (41%): Uploading of sensitive company information to cloud services like Google Drive and Dropbox.
- Mobile Malware (38%): Targeting operating systems on mobile devices and allowing hackers to steal device information.
- Targeted Attacks (38%): Use of hacking methods to attack a specific person or organization.
- SQL Injection (37%): Executing malicious code on a server to steal, delete, or modify data on the affected server.
Cyber security is an important issue that organizations must prioritize today. Since banking, healthcare, and practically every other industry are increasingly networked and digitized, the cyber security threats and breaches that go with the innovation are expected to increase. As such, a security posture for any organization, big or small, is no longer optional.
With the right level of preparation and expert assistance from IT support companies, it is possible to reduce the risk, control damages, and even recover from a cyber breach and its consequences.