Cyber Attacks - The New Normal

It is time to increase cybersecurity's importance

Cyberattacks on large banks, governments, and businesses have been the focus of media attention in recent months. However, cybercriminals are also targeting small and medium-sized businesses. Online attacks on businesses are increasing in sophistication and frequency. Attacks are becoming more surgically precise, invisible, pervasive, and ever-changing. They are difficult to detect and can be hard to contain.

According to the Deloitte 2012 Global Financial Services Industry Security Study, almost 25% of respondents said they have experienced security breaches within the past 12 months. Security breaches involving third parties are viewed as a high-risk threat by more than half of bank respondents.

A security breach can cost your company money. In many industries, such as education, finance, and healthcare, breaches must be made public under state and federal compliance regulations. Cybercrime can lead to customer notification and increased cybersecurity protection costs as well as lost revenues and possible litigation. It can also impact shareholder value and cause reputation damage.

All businesses are at risk. However, small and medium-sized businesses are particularly vulnerable. The attacks are increasing daily. Cyber thieves have made it easier for the SMB user group to click on any link, access any website, or install any app they like, despite their ignorance or disregard of the real dangers.

SMBs often lack the expertise, time, and money to adequately strengthen their network security. A CEO or owner of a small business might ask, "Why should we spend money on security? Is it possible for hackers to attack me? I'm a small supply business with 40 computers and one server."

Cybersecurity has traditionally been seen as an IT issue. It is often part of operational risk management. It is dangerous for employees to believe that IT professionals can solve the problem. This leads to a situation in which they don't feel the need to take responsibility for their data security. Every department in a corporation has critical data. Even one employee could accidentally open a door to attack.

However, it is easy to think that IT departments have the responsibility of protecting data. Too often, IT managers must balance risk and resistance from the reception desk to the corner office.

This attitude must change.

Cyberattacks on businesses can have such devastating consequences that cybersecurity and information management should be given their own INFOSEC category reporting directly to the Chief Executives.

Boards of directors, general counsels, chief information security officers, and chief risk officers must understand and monitor the organization's readiness and level of planning to deal with cyber risks.

Recent research by Corporate Board Member/FTI Consulting Inc. revealed that one-third (33%) of general counsel believe their board isn't effective in managing cyber risk. According to the study, only 42 percent of directors said their company had a formal written crisis management plan. Yet, 77 percent of general counsel and directors believe their company is ready to deal with a cyberattack. These statistics show a disconnect between written plans and perceptions of preparedness. Carnegie Mellon CyLab's 2012 governance survey found that boards are not actively managing cyber risk.

Only 25% of respondents to the study (drawn from Forbes Global 2000 businesses) regularly review and approve top-level policies on privacy or information technology risks. The remaining 41% rarely, if ever, do so. These numbers indicate that boards need to be more proactive in overseeing cybersecurity risk management.

The Internet Security Alliance (ISA) recommends that a Cybersecurity Operation Center be established to monitor traffic and data, and respond to any attempted intrusions or breaches. Your risk management plan should include a cyber risk assessment. You should be receiving regular threat monitor reports if you have a small business that outsources cybersecurity to an IT service provider. These reports will provide support for compliance requirements and analysis.

According to Ponemon, businesses with the lowest cybercrime cost tend to have a robust cybersecurity plan and use an event management tool and a network security system. Companies that used security intelligence tools reduced their cybercrime costs on average by $1.6 million annually. This is due to being able to detect and respond faster to breaches.

Cybercrime can have devastating and significant consequences for every department in a business. No matter the size of your business, every IT manager should be considered the director for cybersecurity risk management. Cross-functional approaches should be used to involve all departments within your company. This will increase cybersecurity awareness and accountability for every employee, from the C-suite up.