Today we are witnessing cyber-attacks of a kind never before seen in IT history, with high-impact consequences for organizations in different sectors around the world: amplified DDoS attacks reaching 1.7 Tbps of traffic, ransomware that generated financial losses of $5 billion (estimated to rise to $11.5 billion in 2019), mobile malware that costs companies $16 million a year, theft of the sensitive data of millions of customers that cost $439 million, and hacks into electronic interbank payment systems with losses of $300 million.
The figures are shocking. They affect companies mainly in the operational and financial areas, and they reach end consumers as well.
Cyber-attacks, fraud and data theft are as likely as natural disasters or failure to mitigate and adapt to climate change; they are in the top 5 of the most likely and high-impact global risks, according to the report The Global Risk Landscape 2019 of the World Economic Forum. For this reason, organizations must understand what this hard data means and take priority actions that allow them to develop a holistic security strategy well aligned with business objectives. They no longer have to wonder whether they will be victims of cyberattacks, but when or, even worse, since when they have been.
Main Cybersecurity Challenges Faced by Companies
Given the current landscape of cyber threats and their impact on companies, it is essential to raise awareness of and reinforce some business topics that are of utmost importance for decision makers in organizations across different sectors, all the more so when the goal is to stay competitive in the new era of Industry 4.0.
Banking, insurance, ISPs, telecom, industry, manufacturing, pharmaceuticals, health and education, among others, face 6 major challenges every day in which a security strategy is vital to meeting business objectives:
Agility and Adoption of New Business Models
Companies need to develop new and secure business strategies that quickly deliver the maximum return on their investments in order to succeed in the new digital economy. The secure use of emerging technologies such as cloud computing, blockchain, big data, IoT, automation, machine learning, or AI gives a huge push. Without a proper grasp of this concept, some adverse effects may be:
- Long response times to market and production needs, low operational efficiency
- Slow return on investment, inclination toward CapEx rather than OpEx
- Increased area of exposure to cyber threats, adoption of trends without cybersecurity awareness
It is imperative to ensure that the organization is able to continue operating during the most difficult and unexpected circumstances, always protecting employees, maintaining its reputation and keeping its ability to do business. Some consequences of cyber incidents for the business can be:
- Outages of services and critical business operations
- Monetary impact of downtime and recovery actions
- Unsustainability and loss of competitiveness in the market
Businesses need to balance compliance and information security effectively, with a budget justified by the threats and risks to the organization and aligned with business objectives, not just to comply with regulations. This means relying on security frameworks rather than regulatory mandates to implement security controls and technology that facilitate compliance. Without this balance, organizations are exposed to:
- Non-conformity in audits and with regulatory standards, impact on business objectives
- Serious violations and/or fines, direct and indirect costs of non-compliance
- Loss of business opportunities, negative reputation, lost profit
The operational and financial consequences of a sensitive data breach for an organization depend on variables such as the time it takes to detect the leak, the type and amount of information stolen, the competence of the incident response team and the response to the public. The average cost of a data breach is $3.86 million, and without an adequate security program, people, and controls, companies are prone to:
- Leakage and/or theft of sensitive critical information, violation of confidentiality and intellectual property
- Financial losses from fines and compensation to clients, and from forensics, investigation and remediation
- Breach, loss of prestige and competitiveness, drop in customers and new business
Identity Theft and Fraud
Physical information theft, data hijacking through IT, and telephone or face-to-face deception are the main methods that cybercriminals use to collect information and commit identity theft and/or financial fraud. User-level awareness in companies is essential, in addition to security controls for identity and access management. Without proper management of these risks and their impact, companies are exposed to:
- Theft of confidential information and phishing
- Violation of the privacy of users, victims of extortion and threats, withdrawal of customers
- Financial losses from lawsuits and compensation to clients, issuance of new accounts/credit cards
Security on the Move
The proliferation and accelerated adoption of mobile devices worldwide, together with the mobility provided by wireless technologies, 4G and 5G, extend the boundaries of the organization. BYOD, IoT, Shadow IT and the cloud add value to business productivity; however, they are among the main challenges in cybersecurity. Without a correct analysis of the landscape and a mobile security strategy, some of the harms for companies are:
- Security breaches originating outside the company, connection to insecure networks
- Malware spread by external infection, exposure of corporate assets and confidential information
- Sophisticated cyber attacks targeting the end user, infiltration of external threats
Awareness and Participation of Collaborators is Crucial
Only 26% of the typical problems in a company's network are solved with technology; the other 74% involve trained people and well-defined processes. These three areas must be properly balanced, and being aware of this is a decisive factor for security success. Here the CISO (Chief Information Security Officer) plays a very important role in senior management's decision-making, first by identifying the key business topics that depend on the information security strategy for the fulfillment of the company's general goals.
The CISO must carry out vital security evangelism work with their counterparts: understanding and fostering collaboration across divisions, educating staff, and conducting drills. This makes it easier to protect information fully and in balance with the business, by establishing criteria for preparing budgets based on the risks the organization faces, knowing how to monitor the results to inform investments, and being strategic in the choice and implementation of suppliers and solutions. In an increasingly digital age, employee awareness of and participation in the cybersecurity strategy is crucial.