
Cybersecurity continues to be a difficult beast for companies to master; according to a 2018 Forrester report, while a majority of companies are more than aware of the potential consequences associated with a cyberattack, seven out of 10 companies evaluated failed to qualify as “cybersecurity ready.”

This is especially alarming since the number of attacks is increasing year by year; by 2018, 446.5 million pieces of data were stolen as a result of a successful cyberattack.[1]

The most common threats were external; Forrester reported that the most commonly experienced cyberattacks were virus/worm infestation, ransomware, and DDoS. The first two are often delivered via “phishing” attempts, which, despite being a well-known cybersecurity issue, continue to be a constant threat on both the consumer and enterprise level.

Here, we discuss the potential impact of a security breach on a business, and review some strategies that your company can implement to help minimize the chances of a cyberattack and to prepare for responding to its fallout.

Long-term Impact is Still Unknown

Comprehension of the overall, long-term impact of a cyberattack on a business is still in flux; while there is a financial burden in the forms of legal costs, public relations costs, opportunity costs, and other breach and mitigation relief costs, the potential of losing customer trust in a company’s brand and reputation is seen as a greater and more enduring downside. One estimate stated that organizations stand to face an average cost of $2.8 million when losing just 1% of their customers from loss of trust through a cyberattack;[2] losing 4% or more was equivalent to a loss of $6 million.

The ability to keep the massive amounts of information that businesses collect from consumers safe is a major part of earning and retaining trust from those consumers. According to Gemalto, 64% of respondents to a survey regarding customer loyalty, trust, and data breaches stated that they were unlikely to do business with a company where their financial or sensitive data was stolen.

And while larger businesses like Target, eBay, and Sony are often in the news after suffering an attack, Forrester found that there has been an increase in the number of attacks plaguing businesses with 250 employees or more. No one is safe from the threat of a cyberattack on their ecommerce product or platform.

There is Hope

Understanding and preparing a plan to fight back against the seemingly unrelenting threat of a cyberattack sounds like an exhausting endeavor to even consider. While breaches seem inevitable, there is light at the end of the tunnel.

Another study sponsored by Experian found that companies who were proactive and focused on a holistic and aligned cybersecurity strategy reported only a 5% increase in cyberattacks compared to the previous year. The study also highlighted a set of guidelines that companies of all sizes can implement to be more proactive against the potential of suffering a cyberattack.

So what sets a “cyber expert” apart from a “cyber novice,” according to Forrester? A few things:

  • A clearly defined cyber strategy.
  • Security training for employees, buttressed by awareness testing.
  • Investing in cyber insurance.
  • Being prepared to make changes after a breach.

5 Steps To Becoming A “Cyber Expert”

What often set larger companies apart from smaller ones in terms of enabling cybersecurity readiness was funding and resources. Even if your company is on the smaller side and the idea of spreading the budget a little thinner is painful, taking stock of what you’re currently doing to promote cybersecurity and understanding your options, your weaknesses, and the potential threats that loom around your business is far better than waiting to deal with an attack after it’s already occurred.

Here are five tips for improving your company’s cybersecurity posture.

Create and rate a cybersecurity plan

Being aware of the potential of an attack is the first step. Having an ecommerce platform or accepting any kind of digital payment puts your company at risk of being targeted by hackers. Understanding potential threats will better enable you to understand how to prevent an attack and, when one happens, how best to respond to its fallout. Forrester found that many businesses took between a day and a month or more to fully resolve an attack; the longer a system remains exposed or a hacker is able to access your network, the more damage they can do. Plus, customers demand a quick response to a lapse in security just as much as they demand quality customer service. The two go hand in hand.

Understanding the threat is one half of the comprehension battle; the other half is knowing which devices and networks store company data and have access to company systems and databases. According to the Experian study, only 35% of respondents stated that their company had a policy in place for dealing with unsecured IoT devices. Keeping an inventory of all the devices (mobile or otherwise), plus the networks, systems, and databases they have access to, allows companies to maintain awareness of potential weaknesses in firewalls and other security measures. Find a potential backdoor before a cybercriminal does.

Train your employees

Anthem’s security breach on Feb. 18, 2014, started when a user within one of Anthem’s subsidiaries opened a phishing email containing malicious content. Phishing is a type of social engineering that uses emails, social media, instant messaging, and SMS to try to trick a user into providing information or visiting a malicious URL that could potentially compromise systems. Sixty-five percent of professionals have identified phishing as the biggest threat to their organization;[3] email is found to be responsible for 92% of malware infections via phishing scams.[4]

If all of that isn’t enough to impress the importance of training your employees about cybersecurity, we’re not sure what will. According to Experian, the likelihood of a data breach was significantly reduced when awareness training specifically targeted employees and other stakeholders in business processes who work with or access sensitive or confidential personal information. When organizations implemented training, 79% avoided a breach versus 69% of those who were hacked.

Engage management

The hack into Sony’s corporate servers ended up intensely embarrassing the media giant after awkward executive emails, internal salary lists, and more than 47,000 Social Security numbers belonging to employees were leaked over a three-week period. Security Magazine reports that it’s somewhat surprising that a successful attack had not been completed sooner after hearing stories about the company’s security practices, which included unescorted guests inside corporate facilities, administrative computer terminals left logged in but unattended, and an overall lack of managerial oversight.

Making data security a priority among C-suite executives and corporate board members translates into keeping records safer. Experian’s study found that 54 percent of executives and 39 percent of directors were knowledgeable and engaged in planning data breach responses. At companies that were breached, 49 percent of executives and 32 percent of board members were involved with cybersecurity response. Company-wide initiatives work best when they’re implemented at the highest levels.

Share insights and learn from others

According to the Experian study, there is value in sharing information. Fifty-nine percent of businesses that joined an information sharing program did not suffer an attack, while 46% did. Learning about attacks on other companies might illuminate niches that you’ve forgotten to check, or suggest new solutions that might be a better fit for a partner business than it was for yours. Especially since cybercriminals are working out of sight and the information used to attempt to prevent future attacks is often already old by the time the attacker is gone, it’s better for businesses to work together in order to fend off attacks.

Aside from that, it’s difficult to know if what you’re doing is right; Forrester found that many companies were overconfident when it came to understanding and implementing best practices for cybersecurity. Having a point of comparison is important for innovation and growth. Another interesting insight is that sharing information enabled businesses to respond in a timelier fashion to mitigate the damage of a discovered and ongoing attack.

Invest in technology

Experian researchers found that more investment in cybersecurity technology seemed to pay off. One of the most common factors among companies that prevented breaches was increased spending on technology to detect and prevent attacks. Of companies that prevented breaches, 73 percent had increased their tech spending, versus 61 percent of those companies that were breached.

For small businesses, investing in better technologies can be a difficult justification to make. But by creating a plan, evaluating risk factors, and informing C-suite executives of the issues at hand, it’s possible to make a case to argue for software and other technologies that will better protect your company from the much bigger cost of a cyberattack.

Partnering with a technology expert can help bridge the gap between funding and knowledge, especially if your company is not technology focused.

Cybersafety is a Process

As the Boy Scout motto goes, “Be Prepared.” Taking several proactive and preventative measures can lessen the chance of a breach or the amount of data a cybercriminal might gain access to. It’s clear that companies that make an active attempt to lessen the chance of a cybersecurity breach see a payoff in fewer attacks, which increases trust with customers and protects your company’s bottom line against a mass exodus of clients looking for greener pastures.

By conducting regular reviews of physical security and access to confidential information, instituting third-party cybersecurity assessments, and making data breach response part of a business continuity plan, companies have found a way to fight back against an anonymous and nebulous threat.

Interested in talking security, or looking for a technology partner who can assist in evaluating and analyzing your current cybersecurity posture?

Softjourn, Inc. is a global technology services provider with decades of experience in the financial, cards & payments, and media & entertainment sectors. We have provided solutions with the most current technology, including artificial intelligence and blockchain. Ensuring our customers’ security and peace of mind is our number one concern when it comes to developing solutions for our clients’ needs.

We have our own R&D centers in Ukraine and Poland, which uniquely positions us to understand and provide the best possible solution for cybersecurity needs. Reach out today so we can get a jump start on what cybercriminals might already be aware of.

 

1. ITRC (2019). Data Breaches. Data Breaches.