For most people, the world of cybercrime is terrifying and fascinating at the same time. Somewhere in the realm of science fiction, cybercrime is identified as the stuff of compelling entertainment, such as the recently launched drama, CSI: Cyber, which stars Patricia Arquette as head of the FBI’s cybercrime division, hunting a new breed of criminal who uses today’s technology to commit illegal activities that “start in the mind, live online and play out in the real world.” The cyber-expert FBI agents have already solved some serious crimes of global proportion on television, like murder committed by hacking into a private car service customer list and arson started by a computer whiz who sets flames burning through a computer’s circuits. The show opens with an eerie explanation of how Arquette’s character, Avery Ryan, is herself a victim of cybercrime, ending with an arguably over-the-top warning, “It can happen to you …”
Interestingly enough, CSI: Cyber is inspired by a real-life “cyber psychologist” named Mary Aiken and her real-life experiences with cybercrime, more or less. No need to take dramatic license with today’s headlines, however; big-name enterprises like Target, Home Depot, eBay, Anthem and the U.S. Postal Service have been hacked recently, compromising their integrity and reputation – so these kinds of storylines could indeed happen to you. Not to mention, the Federal Bureau of Investigation really does have a Cyber Crime division, complete with a “Cyber’s Most Wanted” list.
These days, life is imitating art, it seems.
If you wake up one morning and realize your company is headlining with the news of a data breach by a hacker who is now making public personal information and confidential business plans, compromising passwords and financial data or committing identity theft – how will you recoup that information? Will you ever regain the trust of your customers, business partners, employees, the public? How can you make your data secure?
The 2014 Cost of Data Breach Study: Global Analysis
For nine years running, independent research conducted by the Ponemon Institute has produced the Cost of Data Breach Study; the 2014 edition, The 2014 Cost of Data Breach Study: Global Analysis, is the industry’s benchmark study, sponsored by IBM and supported by 250 participating organizations in 11 countries, including Australia, Brazil, France, Germany, India, Italy, Japan, Saudi Arabia, the United Arab Emirates, the United Kingdom and the United States. The newest study reveals a number of global trends; among them are:
- The cost of a data breach is on the rise, both in the cost per stolen or lost record and in the average total cost of a breach.
- Fewer customers remain loyal after a breach, particularly in the financial services industry.
- After analyzing up to nine years of data, having business continuity management involved in the remediation of a breach can finally help reduce the cost.
Protect Your Assets from Potential Cybercrime
Information security breaches are becoming more and more common, and not protecting against cybercrime can be very expensive. When a malicious attack occurs on your network, it puts sensitive customer and corporate intellectual property at risk. This can include trade secrets, customer payment information and other key data such as social security numbers. At the onset, the real cost is an unknown.
The stunning part of a security breach is how fast it occurs and how quickly its consequences compound. Once a group of experienced hackers accesses your data, they distribute sections of the database to other hackers around the globe who have card printing capability and can produce clones in the span of an hour. They litter the streets with those clones and, everywhere, the spending begins. And all this happens in less than 24 hours. By the time any credit card is canceled, they’ve already spent to the limit. It’s already gone. So to put a tangible number to the crime immediately, even if it’s in the millions – that’s probably a little light.
The intangible cost is the hit a company’s trustworthiness can take, something that executives will spend years trying to recoup, if they ever do. Not to mention eventual lawsuits and other losses that a security violation creates. The main cause of a security breach is malicious or criminal attack (42%), followed closely by human error (30%) and potential system glitches (29%). Let’s face it, we need to use our resources to defend our sensitive and confidential data from deliberate malicious criminal attacks or errors before they occur.
Many cyber attacks happening today start from the outside, which means hackers are always looking for an opening in your network to breach. For a retail business, for instance, they’re likely going after where the money is, stealing credit card information that they can clone and use until it stops working. For schools, they may be more interested in SSNs for identity theft. Other times, hackers will attack whatever’s easiest, the most exposed part of a database. It can be as simple as a phone call to authorize an account, only the call is part of a phishing scam, where the recipient unknowingly provides personal information under false pretenses – and now it’s in the hands of a hacker.
How Much Could a Security Breach Cost Your Organization?
According to the Data Breach study, from 2013 to 2014 there has been a 9% increase in the average cost for lost or stolen records containing sensitive and confidential information globally. The study also indicates:
- the average total cost of a data breach for the participating companies increased 15% to $3.5 million
- the most expensive malicious and criminal data breaches occur in the U.S. and Germany, costing $246 and $215 per compromised record, respectively
- the U.S. has the highest number of breached records, reaching 29,087 in 2014
How Can You Protect Your Organization?
Right now, no “cyber” insurance exists that a company could buy to protect itself completely from cybercrime. There will always be software bugs that could make a network vulnerable. If a hacker wants to get into your network, he or she will likely find a way. What to do, from a good cyber security perspective, is to catch hackers in real time, rather than discovering their criminal work after the fact.
It is critical for companies to conduct vigorous internal monitoring to control the occurrence of any bad data that can slip into your network. Implementing an Intrusion Prevention System/Intrusion Detection System (IPS/IDS) is the best strategy for detecting and responding to certain attacks. Another part of a good strategy is prevention: locking down firewall technology. Once companies get the firewalls up and running, sometimes they think, “Okay, everything is secure now,” when in fact, the IPS/IDS isn’t fully functioning. Diligent testing and re-testing, and making the protection available to all levels of the IT organization, are crucial. Ensure your business has up-to-date security measures in place by reviewing your entire network for security risks and acting on any recommendations to tighten up protection measures.
Find an experienced information security service provider that will ensure your network and data are secure using best security practices, expert advice and the latest security resources available. You can also secure your data and confidential information by providing an outside look to your organization’s infrastructure. Providing that outside look could very easily result in the prevention of an embarrassing, reputation-defaming security breach.