When it comes to cyber security, corporate executives are either woefully
underprepared or completely ignorant about the potential threats their
organization may face due to a cyber-attack. Those who have the will and the
requisite technology to prevent such an attack and those who stay up-to-date
with the current trends and newer threats, as they emerge, are still equally
vulnerable. But how is that exactly? How real is the cyber security threat to
your organization? Let’s begin by looking at the numbers.
What the statistics say
The data on cyber security
threats is distressing. And that’s not just due to the innovative nature
of the attacks. The real cyber security threat emerges from
the lack of preparation by organizations to stave off potential attacks. And
this is where we come face-to-face with the stark reality. Many surveys and
research reports highlight this lack of preparation, or sometimes even lack of
basic understanding of the issue.
Let’s begin with the most recent survey, conducted in April 2016. A
staggering 90 percent of the surveyed corporate executives stated that they
were unable to comprehend a cyber-security report and were not sufficiently
prepared to handle a major attack. Even more surprising was that around
40 percent of executives believed they could not be held responsible in case of
hacking or loss of customer data.
This, then, leads us to conclude that the biggest cyber security threat to any organization
is the failure of the executives to recognize the lack of cyber security as
a threat. It’s a troublesome thought, one that quite clearly bothers Dave
Damato, chief security officer at Tanium, who conducted the survey. “I think
the most shocking statistic was really the fact that the individuals at the top
of an organization — executives like CEOs and CIOs, and even board members —
didn't feel personally responsible for cyber
security or protecting the customer data,” said Damato. “As a result
they're handing this off to their techies, and they're really just placing
their heads in the sand right now.”
Damato’s words cut to the core of the problem,
which is that cyber security is treated as an IT problem. Usually, it
is relegated to the dark corners of the office, and the technical staff is left
to deal with it. This blatant disregard for securing sensitive customer and
financial information, combined with management’s lack of initiative, leads to
half-baked cyber security measures, as
Trustwave’s State of Risk Report suggests. A majority of
the organizations surveyed had partial or no methods at all in place to control
and track sensitive data.
The nature of the threats
Apart from the aforementioned problems, the nature of the looming cyber security threats is also disturbing.
Each year, cyber attacks grow both in number and destructive capability.
Symantec’s Internet Security Threat Report lays out
this problem in great detail. According to the report, the company discovered
an astounding 430 million new unique pieces of malware in just 2015.
This indicated a 36 percent increase from the year before. And this is just the
number of threats encountered by one cyber-security company, out of
many that are out there.
The report also states that over half a billion personal
records were lost or stolen in 2015. But this is not even the tip of the
iceberg. The real problem lies underneath. A lot of companies simply don’t
report the data breach. “In 2015, more and more companies chose not to reveal
the full extent of the breaches they experienced,” according to the report.
“Companies choosing not to report the number of records lost increased by 85 percent.”
What needs to be done?
This is the big question that all organizations need to answer. Yes, cyber
security poses a real threat, but what can organizations do to prevent security
breaches? Fortunately, we have some answers. Here are some of the steps your
organization may take in order to prevent cyber security threats.
Better management
The most significant step organizations need to take on cyber security is to
get involved at the top management level. Leaving it for the technical staff to
deal with will not bring you any closer to the solution. In fact, it would do
just the opposite. Executives need to step up to the task and take
responsibility for their actions.
“Gone are the days when cyber security was
considered just an IT issue,” says Stuart R. Levine. “Now, it requires a
multi-disciplinary approach for preparedness, oversight and execution. For
board members, cyber security preparedness is an enterprise risk
management priority, involving both management and the board.”
Employee training
One of the biggest cyber
security threats facing your organization is the carelessness of the
employees who handle sensitive information. Having weak passwords, losing
mobile devices containing sensitive company information, and clicking on
suspicious links are some of the actions of the employees that threaten the
security of the company.
Therefore, companies need to comprehensively
train their employees on cyber security and the proper way to handle
company information. By learning to protect themselves online, the employees
can also be better prepared to handle company data.
Data encryption and security updates
Data encryption and running patch management programs on potentially vulnerable
software are two of the most basic steps that you can take to prevent
cyber-attacks. It is essential not just to encrypt all cloud-based data but to
use strong encryption, for instance 256-bit AES. It is also essential to
regularly update and patch all office software to protect it from
vulnerabilities to the latest cyber threats.
Only with a comprehensive approach, focusing on all possible
weak points, can your organization ensure maximum cyber security.