Business in the time of cyber warfare: how to protect your company.
Notice how every every day seems to bring news of a bigger, scarier-than-ever data breach? As individuals, we gloss over these breaches with relative ease – despite the exploding headlines and the fleeting thought of ‘should I delete my Facebook account?’ our lives go on fairly unchanged.
But to companies, the breaches pose an incredible (and costly!) threat. An astonishing 2 billion records were lost or stolen in the first 6 months of 2017; a 164% increase over the previous six months. Not scary enough for you? Get this: on average, companies suffer 130 data breaches each year – that’s a 27.4% increase over 2016, which itself was not a model year for cyber security.
With each Equifax, Target, and Deloitte scandal, the stakes increase exponentially. The public is taking note, and the moment your customers don’t feel their data is safe – you’ve lost. Here’s everything you need to know to protect your company:
No one’s safe: data breaches by the numbers.
2017 saw more data breaches than any previous year – more even than most years combined. The industry hardest hit? Financial Services, closely followed by Healthcare.
Worldwide, the average cost of a cyber breach totaled 11.7 million per company. In the US, that number climbed to 21.22 million per company hit. These numbers come as the result of a comprehensive, 10 year study conducted by the Ponemon Institute.
In case you forgot – and it’s easy to, given the sheer number of cases – here are a few of 2017 and 2018’s biggest scandals:
Arby’s, Best Buy, Chipotle, Deloitte (once termed ‘the best cybersecurity consultant in the world’), Delta, DocuSign, Equifax, Forever 21, Gmail, IHG hotels, an IRS-built app, Saks fifth avenue, Sears, Sonic, TaskRabbit, Uber, Under Armour, Verifone, Verizon, Whole Foods, WWE, Xbox 360
Not included is the Russian infiltration of DNC servers and documents, and even with that, the list represents only a small fraction of the past year’s breaches.
Maybe most shocking? The price paid in ransomware attacks – which target businesses and individuals alike – rose 266% in 2016 from the year prior.
Smart companies are taking immediate action. Just recently, the ‘Cybersecurity Tech Accord’ was signed by 34 global tech entities, pledging to band together against future cyber-attacks.
But what do you do if you’re not one of the 34 biggest companies worldwide? Who’s going to watch your back?
Identifying your vulnerabilities.
Most companies can’t afford leading-edge incident response teams or PR firms to fix the mess once the damage is done. If you fall into this category, you’ll have to depend on your own workers – plus a few strategic hires – to protect your company.
This brings us to an alarming fact: contrary to popular belief, your biggest threat is not hackers. It’s your own people. This can mean two things:
1. Your people are a threat to your company’s security because they are not properly trained or digitally fluent.
Recent studies identify employee training in the top 3 most significant ways to decrease the cost-per-breach, outdone only by highly sophisticated encryptions and, in 1st place, the deployment of an incident response team.
Seems easy enough to fix, right? Train your people to be digitally savvy, and they won’t click on phishing scams or send your company’s private bank information to the first person who asks nicely.
If only it were that easy. The trouble with training is that it’s usually not a one-and-done sort of thing; for it to be effective, you’ll need to have regular, varied, and specific training sessions for different parts of your workforce. This method keeps employees engaged while catering to their specific needs.
2. Your people are a threat to your company’s security because they themselves are intentionally exposing information.
Amazingly, nearly 40% of cybersecurity incidents involve insiders intentionally sharing otherwise protected data, a la Edward Snowden or Chelsea Manning.
The best way to protect against these breaches is to keep a careful eye on your security permissions. When someone switches roles, how quick are you to change their security clearances? When someone leaves the company, do you immediately take them off all distribution lists and revoke their access to company material?
It’s hard to question your own workers, but when 40% of data breaches are coming from the inside, vigilance isn’t optional.
Who you need to hire, right now.
Chances are, 2018 is not going to be any safer than 2017. At Proven Recruiting, our dedicated team of technology recruiters are intimately familiar with the ins and outs of cybersecurity hiring. So, who do you need to hire to protect your company?
This is your frontline, go-to security person. They build your system from the ground-up with an eye towards security, making sure that each element of your system is properly integrated and protected from malicious users and malware.
Turn to your Security and/or Vulnerability Analyst to identify your weaknesses. They can hone in on which part of your system needs added support.
Your Penetration Testers make it their mission to get through all the firewalls, encryptions, and security softwares you’ve set up. They are trained hackers, poised to find the lingering holes in your system.
Internet Security Engineers
The Internet Security Engineer will ensure that, when you send messages or attachments across what is essentially an unsecure network – the internet – you are not leaving yourself vulnerable to threats. They’ll set up protocols and encrypted connections to protect your transmitted data.
The future of the Internet.
If you follow all of the above guidelines, you’ll be well on your way to not only protecting your company, but complying with new changes in EU legislation. Fueled by recent scandals, the European Commission has passed the General Data Protection Regulation, or GDPR, which goes into effect May 25th. This legislation impacts any company – US or otherwise – which stores the personal information of EU citizens.
GDPR functions mostly to reign in the Facebooks of the world – the companies misusing or abusing your data by selling it at a profit. But it also protects companies; by requiring robust systems to protect data, GDPR significantly decreases the likelihood of your business being hacked by a third party.
How you use your company’s data, and how you protect that data, will inform your public image and market value. So make sure you’re making smart decisions, hiring the right people, and protecting your assets. Get in touch to discuss your hiring options.