It’s time to elevate the importance of cybersecurity
While high-profile cyberattacks against governments, large banks and businesses have made news recently, small and medium-sized businesses are now also attractive targets for cyber thieves. The frequency and complexity of online attacks against businesses continue to increase. More attacks are surgically brief and stealthy, as well as ever-changing and pervasive. They’re very hard to detect, and even when detected, they’re hard to contain.
The Deloitte 2012 Global Financial Services Industry Security Study points out that even as cybersecurity practices mature and advance, nearly 25% of business participants indicated they experienced security breaches in the past 12 months. More than 50% of bank participants consider security breaches involving third-party organizations as a high threat.
Not only can an information security breach cost your company money, but in many industries, such as finance, healthcare and education, breaches must also be made public under state and federal compliance regulations. Consequences of cyber crime include customer notification and remediation costs, increased cybersecurity protection costs, lost revenues, possible litigation, impact on shareholder value, and damage to reputation.
Businesses of all sizes are at risk, but small and medium businesses in particular are low-hanging fruit for digital thieves, and the attacks are growing daily. To make it even easier for cyber thieves, the SMB user community will often click on any link, access any site, or install any application that suits them, in disregard or ignorance of the very real dangers.
From a network security perspective, SMBs typically lack the time, expertise and money required to properly strengthen their defenses. In addition, a small business owner or CEO might say, “Why should I spend money on security? Why would online hackers attack me? I’m just a small supply company with 40 PCs and one server.”
Traditionally, cybersecurity has been thought of as an IT issue and is most often included as part of operational risk management. The mistaken assumption that “the IT guys can handle the problem” leads to the dangerous situation where most employees don’t feel that they are responsible for the security of their own data. A firm’s finance, recruiting, sales, legal, and other departments all own critical data, and just one employee can inadvertently open a doorway to attack.
Nonetheless, the tendency is to believe that the duty for securing data rests down the hall with the IT department. Too often, the IT manager must try to balance the risk against the resistance he or she meets from the reception desk right up to the corner office.
This mindset needs to change.
The potential negative consequences of cyber attacks on a business are so significant that it is time for cybersecurity and information risk management to be elevated to its own INFOSEC category reporting to the C-suite.
Boards of directors, general counsels, chief information security officers, and chief risk officers need to understand and monitor their organization’s level of planning and preparedness to address cyber risks.
A recent study by Corporate Board Member/FTI Consulting Inc. found that one-third of the general counsel surveyed believe that their board is not effective at managing cyber risk. Only 45 percent of directors in that study said that their company has a formal, written crisis management plan for dealing with a cyber attack, and yet 77 percent of directors and general counsel believe that their company is able to detect a cyber breach, statistics that reveal a “disconnect between having written plans and the perception of preparedness.” Indeed, a 2012 governance survey by Carnegie Mellon CyLab concluded that “boards are not actively addressing cyber risk management.”
Only 25 percent of the study’s participants (drawn from Forbes Global 2000 companies) review and approve top-level policies on privacy and information technology risks on a regular basis, while 41 percent rarely or never do so. These figures indicate a need for boards to be more proactive when it comes to overseeing cybersecurity risk management.
The Internet Security Alliance (ISA) recommends the establishment of a Cybersecurity Operation Center to monitor traffic and data and actively respond to attempted intrusions and breaches. A cyber risk analysis should be an integral element of your risk management plan. If you are a smaller business that outsources security through an IT services firm, you should receive regular threat monitoring reports for analysis as well as support for cybersecurity compliance requirements.
Businesses with the lowest relative cybercrime costs tend to have a dynamic cybersecurity plan and utilize a network security system and event management tool, according to the Ponemon study. Businesses that employed security intelligence tools lowered their cybercrime costs by an average of $1.6 million every year, partially by being able to spot and respond to breaches more quickly.
The consequences of cyber crime can ripple through every department of a business with substantial and devastating effects. Every IT manager, regardless of business size, should be regarded as the director of cybersecurity risk management. A cross-functional approach should involve all departments in your company and increase the awareness of and responsibility for cybersecurity in every employee from the C-suite down.