Virtual threats – prepare you company for cyberattacks!

Cybersecurity can no longer be thought of as just “nice to have.” Negative consequences of cyberincidents are disruptive and potentially catastrophic for any company or organization. Companies need to look ahead systematically, and the need is growing!

• In 2015, 38% more security incidents were detected than in 2014[1]
• Organizations from public sector detected 137% more cybersecurity incidents in 2015 than the year before[2]
• 40% of corporate executives feel no responsibility for the consequences of being hacked[3]

These figures are doubtless unsettling, but companies need to be aware that a major IT security breach could just be a matter of time. Important trends such as the rise of the Internet of Things (IoT) will shape IT security in business for years to come – and these trends come with more and more threats!

Increasing danger from the IoT and mobile threats
By 2020 as many as 200 billion devices such as cars, refrigerators and many more will be connected to the internet – that’s 40 times more than today. A lot of these devices have limited computing power, making it impossible to install traditional antivirus software. One of the IoT’s main risks is the vulnerabilities of the IP protocol that enables communication between devices.

Growing specialization among cybercriminals has led to the emergence of cybercrime as a service provider market. Various providers offer a simple intrusion or security breach for as little as $100 and this trend will continue to grow. Mobile devices and applications are particularly attractive for cybercriminals due to the fact that their equipment and software provide plenty of opportunities to steal not only data but also money.

The consequences of cyberincidents

• Interruption of business and operations
• Exposure and compromise of intellectual property and sensitive information
• Introduction of malicious files/viruses to the corporate IT network
• Negative publicity, loss of customers and customer confidence
• Brand and company name damage
• Financial issues

These are just some of the consequences that companies need to deal with after a cyberattack. However, potential losses cannot be calculated because it is difficult to translate all of the above into tangible sums of money.

Reasons and responsibility
Gone are the days when cybersecurity was considered just an IT issue. Now, it requires a multidisciplinary approach for preparedness, oversight and execution. It affects every level of business, including senior executives. More than 90 percent of corporate executives say they can’t read a cybersecurity report and are not prepared to handle a major attack and 90 percent of breaches are due to human error, not to a lack of technology protection. Culture plays a huge role in setting the standards for behavior throughout an organization, starting with the CEO. Cybercriminals always turn to the greatest source of weakness – people. Some people care about protecting themselves online, while others do not realize the dangers that exist. A thief can exploit these inconsistencies and weaknesses. That is why issues related to cybersecurity cannot be discussed separately from the company’s strategy and business processes.

Secure from Antivirus to Zero-Day Attack: 5 steps how to protect your company
It is not possible to secure your organization entirely from A to Z. However, you should constantly analyze potential threats. While you can never afford to give up on control and supervision, understanding a few basic rules that govern IT security may ensure the comfort of working effectively.

There are some guidelines you should follow if you want to eliminate the risks of a menacing cyberattack:

1. Update regularly. Outdated operating systems are easy to break into. Be sure to update whenever new versions are released. A strong firewall is another security tool for your business. Update it on a regular basis to combat viruses and phishing attacks.

2. Introduce cybersecurity awareness training for employees: The key is developing a culture in which people implement secure online practices without resentment and without thinking about them.

3. Find the main vulnerabilities and name the fundamental risks: Knowing your priorities and key digital resources in combination with your current security policy will reveal the most important vulnerabilities and help define the risks they generate.

4. Get serious about policies: IT security is all about risk management. By applying appropriate policies to regulate what systems and data different users can access you can reduce threats.

5. Keep on monitoring IT security: Security transformation is a long-term process that requires constant monitoring and adjustment.

Stay tuned in over the next few weeks. We will continue to elaborate in depth which security breaches can affect your company and how you can best prepare yourself for these intrusions.

[1] PWC: “The Global State of Information Security Survey 2016”
[2] PWC: “The Global State of Information Security Survey 2016”
[3] Nasdaq & Tanium: „The Accountability Gap: Cybersecurity & Building a Culture of Responsibitly”, April 2016