Are You Cyber Aware?
Cyber theft is the fastest growing form of crime in the United States, impacting companies of all sizes, from Fortune 500s to mom and pops. Attacks are increasing in size, scope, and sophistication as criminals become more skilled, focused, and deliberate.
The growing value of data
In the words of IBM chairman Ginni Rometty, “We believe that data is the phenomenon of our time. It is the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
Data is a commodity for cyber criminals, who can use it to commit complex forms of fraud or for simple, immediate financial gain. Depending on the nature of your business, the data of value may include account numbers, passwords, and customers’ personally identifiable information. However, others might be concerned with the security of their marketing information, company contracts, or other intellectual property.
The problem is evolving as the business landscape becomes more interconnected:
- As companies develop tighter integration with their business partners, one breach can now put everyone in the supply chain at risk.
- Digitization of business processes and interconnected technological systems are also exposing companies to new vulnerabilities.
- As work and life merge, so do our personal technologies. The expectation of 24/7 availability has led to the increased usage of smartphones for business purposes. If a criminal obtains access to an individual’s mobile device, they have entry into a corporate network.
Companies are moving away from traditional business models as their customers now expect real-time, end-to-end digital experiences, available 24/7 through multiple channels. Businesses face the dilemma of providing this always-available, customer-centric experience while handling the ongoing challenge of keeping customer data secure.
What’s at stake?
According to a recent global survey by Accenture and the Ponemon Institute, the average cost of cybercrime has climbed to $11.7 million per organization in 2017. This is a 23% increase from the $9.5 million reported in 2016, and a staggering 62% increase over the past five years. [2]
A cyber attack can result in loss of sensitive data, disruption to the corporate network, and physical electronic damage. However, the longer-lasting (and potentially more damaging) impact comes from the breach of customer trust. A public incident that compromises customer data can undermine consumer confidence and be incredibly costly to a company’s reputation.
While there have been many recent cases of cybercrime in the news, there are also a great many incidents that go unreported. Companies are understandably reluctant to publicly share their vulnerabilities or speak publicly about paying ransom to a criminal.
The threat from within
According to IBM’s 2016 Cyber Security Intelligence Index, 60% of all attacks are carried out by insiders. Of these, three-quarters were intentional and one-quarter inadvertent.
The threat from within a business should not be underestimated, and this includes not only employees but also business partners and contractors. A company can implement the most stringent security measures, but it only takes one employee to respond to a fake email, log in remotely over an insecure connection, or ignore a potential workstation breach to place the entire company at risk.
The threat from the inside is especially dangerous because it comes from sources whom you believe to be trustworthy. Employees and other partners are less likely to be on your threat radar, making it easier to overlook the risks. A study by the Financial Planning Institute has found that one-third of employees are still not receiving any formal cybersecurity training.
An ongoing battle
An EY survey of over 1,700 global executives, information security managers, and IT leaders found that many companies do not have a cybersecurity solution that is well-aligned with the overall strategy of their organizations. Only 22% have fully considered information security implications in their organization’s strategy and plan. And only 5% have made significant changes to their strategy and plans after sensing they were exposed to too much risk. [3]
Cybersecurity is not just an IT issue – it’s part of an overall business strategy. Because there are business implications and trade-offs, senior-level executives must be the ones making the decisions necessary to protect business information while not restricting company growth and innovation.
It’s important to establish a company culture where awareness and vigilance are top of mind at all levels. And this mindset should stem from the top down. Educate your employees. Teach them the ways cybercriminals can infiltrate company systems so they can be safe while using the company network and recognize the signs of a potential breach.
To proactively defend against external threats and manage risks, develop and implement a comprehensive, multipronged plan. This includes not only preventative processes but a comprehensive recovery plan to minimize the damage in the event of an incident.
Be prepared to consider the following:
- Identify and address the risks, establish cybersecurity governance, and develop policies and procedures to protect company networks and information.
- The threat landscape is moving too fast to fully prepare for every possible scenario. Analyze your critical dependencies. What, if compromised, could have a significant impact on your ability to do business?
- Prepare for the worst case scenario. It’s better to assume you will be attacked, so you can be ready when it happens.
To mitigate the internal risks, educate employees and create processes for the diligent monitoring of user activity and behavior. On an ongoing basis, ask: Who has access and why? What are they doing, where are they doing it, and (again) why?
Keeping your data safe
As a provider of business translation services, Eriksen is part of the supply chain for many companies that handle sensitive client information. As such, we understand that the security of our environment directly impacts our clients and their reputation.
To protect our clients’ data, Eriksen has implemented stringent cybersecurity protocols. We retain a New York City cybersecurity firm, Information Technology Management Group, that works with our IT provider to develop and administer our cybersecurity program and monitor our environment 24×7. Eriksen takes all reasonable steps to secure our data through the use of technology, controls, and auditable policies, and we have processes in place to continually monitor and enforce these policies.