Surely you’ve recently heard of the Equifax security breach that occurred this summer, in which hackers gained access to sensitive information of 143 million Americans (Buhr, 2017). Maybe you’ve also read about Yahoo’s announcement that not 1 billion, but all 3 billion of their user accounts had been compromised by hackers back in 2013 (Hautala, 2017). If you made use of their services, it might be a good idea to change your password now. Go on, I’ll wait.
Changed your password? Good.
The advent of the Internet and digitalization of business processes ensures that many organisations can now better meet customer demands in ways never realized before, for instance through the use of Big Data and artificial intelligence. However, there’s always two sides to the same coin. Digitalization also implies that sensitive data of organisations and its customers are now also accessible to malicious parties, as has been illustrated by the Equifax and Yahoo breaches. Therefore, it’s important, now more than ever, that organisations start to understand the importance of cyber security and make it their number one priority.
Why do organisations suffer from cyberattacks in the first place? It’s quite simple: most of them simply do not understand the relevance of cyber security. In fact, according to EY’s 19th Global Information Security Survey of 2017/2017, only 22 percent of global executives and managers integrate information security measures into their strategy and planning, which makes it difficult to effectively design a contingency plan and prevent cyberattacks from occurring (Banham, 2017). And this complacency can be seen to trickle down from the top of the organisation to its employees, as the root cause of data breaches is caused by employee negligence, the so called ‘Human Factor’ (Ponemon, 2012). For an organisation, this is a risky state to be in, as cyberattacks are only getting more sophisticated by the day.
This complacency also leads to severe consequences. In fact, cyber-crime related issues cost the Dutch government and corporations annually around 10 billion euros (Deloitte, 2016). Furthermore, this also includes costs of information theft, business disruption, equipment damage and lost revenue (Ponemon, 2016). Not to mention the reputational damage and the expensive lawyers that organisations need to hire in response to massive class action lawsuits organized by not all too happy customers whose personal data has been breached. Equifax is already facing up to 70 of these lawsuits (McCoy, 2017).
So, how should organisations defend themselves against cyberattacks? First off, executives and managers have to understand that cyber security is extremely important, and that it should be implemented into their strategy. For instance, they could set up a Security Operating Center in order to prevent, monitor and respond to cyberattacks, as well as securing software and hardware being used by employees. Furthermore, it’s also important to educate employees about the ways in which they could accidentally expose sensitive data to malicious parties, through methods ranging from social engineering to accidentally leaving behind a USB stick full of company data in a café.
Organisations should also familiarise themselves with the latest developments in cyber defence. For instance, start-ups such as Empow, provide software that employs machine learning in order to detect a security breach and react with appropriate measures; it basically ‘reads the mind’ of the hacker (Greene, 2017). Another new way of stopping attacks, developed by security engineer Diogo Mónica, is through the use of ‘Crypto Anchors’; the IT architecture is designed in such a way that once a hacker is in the system, he or she won’t be able to get out due to a slow decryption process (Greenberg, 2017). These kind of new approaches could help organisations to defend themselves from hackers and their continuous improvement of cyberattack methods.
The last few years, organisations have experienced a rise in cyberattacks. Especially after the devastating effects of the ransomware WannaCry and the consequences of the Equifax breach, organisations will hopefully learn from others’ mistakes and start to prioritize cyber security. Nowadays, organisations should not be questioning if they will suffer from a cyberattack, but simply when it will happen.
Sources:
Banham, R. (2017). Why Cybersecurity Should Be A No. 1 Business Priority For 2017. Retrieved on 10 October, 2017 from https://www.forbes.com/sites/eycybersecurity/2017/03/20/why-cybersecurity-should-be-a-no-1-business-priority-for-2017/#2693368e1719.
Buhr, S. (2017). Former Equifax CEO says breach boiled down to one person not doing their job. Retrieved October 13, 2017 from https://techcrunch.com/2017/10/03/former-equifax-ceo-says-breach-boiled-down-to-one-person-not-doing-their-job/.
Deloitte (2016). Cyber crime costs Dutch organisations 10 billion euros each year. Deloitte. Retrieved on 13 October, 2017 from https://www2.deloitte.com/nl/nl/pages/over-deloitte/articles/cyber-crime-costs-dutch-organisations-10-billion-euros-each-year.html.
Greenberg, A. (2017). ‘Crypto Anchors’ might stop the next Equifax-style megabreach. Retrieved on 11 October, 2017 from https://www.wired.com/story/crypto-anchors-breach-security/.
Greene, T. (2017). Mind-reading AI is the newest defence against cyber attacks. Retrieved on 14 October, 2017 from https://thenextweb.com/artificial-intelligence/2017/09/11/mind-reading-ai-is-the-newest-defense-against-cyber-attacks/.
Hautala, L. (2017). Your Yahoo account info was definitely hacked – here’s what to do. Retrieved on October 13, 2017 from https://www.cnet.com/how-to/find-out-if-your-yahoo-account-was-hacked/.
McCoy, K. (2017). Do you want to sue Equifax over the cyberbreach? Winning a lawsuit may not be so easy. Retrieved on 14 October, 2017 from https://www.usatoday.com/story/money/2017/09/22/do-you-want-sue-equifax-over-cyberbreach-winning-lawsuit-may-not-so-easy/684455001/).
Ponemon (2012). The Human Factor in Data Protection. Ponemon Institute. Retrieved on 14 October, 2017 from https://www.ponemon.org/local/upload/file/The_Human_Factor_in_data_Protection_WP_FINAL.pdf.
Ponemon (2016). 2016 Cost of Cyber Crime Study & the Risk of Business Innovation. Retrieved on 14 October, 2017 from https://www.ponemon.org/local/upload/file/2016%20HPE%20CCC%20GLOBAL%20REPORT%20FINAL%203.pdf.
Hi Gabi, nice post and interesting topic. I think that such major breaches also serve as a wake up call and help to show the relevance of cyber security measures. Companies are more likely to get rid of this “won’t happen to us” mentality and actually equip their systems with the necessary security layers. Also laws, such as the coming GDPR, will contribute to data protection. Btw. there is a website on which you can check (based on your email address) whether you’ve been exposed to any data breach in the past: https://haveibeenpwned.com/