One more 365, come and gone. Our hyperconnected lives keep us always on the lookout for the next update, the hottest feature, the latest trends for the new year. But then that's also just how we're wired. Yet while we love to leap ahead, a look back can be beneficial too—good, bad or average, it informs our journey forward, gives us a benchmark for comparison.
So before this year kicks into high gear, let's do a little glancing back, a bit of gazing toward the future. Zeroing in on the cybersecurity scene, we'll note some trends and find where true security lies.
The focus on cybersecurity has never been more intense. After a year of large-scale breaches—ranging from scary to scandalous—we gained a clearer perspective on cybercriminals' motivations. It turns out, while it's generally all about the benjamins, we're seeing an (ironically) heightened morality of sorts among cyber perps. Whether it's hacktivism, or exposing shady business practices, it seems there are more 'reasons' than ever for hackers to do their thing, feeling justified in wreaking havoc.
Keeping in time then, more folks out there—C-suite and IT alike—are voicing this truth: "'One size fits all' is no longer a valid strategy." With widely varied attack methods and motivations, that's really to be expected. Experience has also borne out that developing a "cyber security culture" within businesses is a pivotal weapon in our arsenal against constantly menacing threats. In fact, finding ways to effectively communicate across internal company lines builds a solid foundation for prevention, protection and awareness.
Along with protective measures, culpability has shifted too: no longer are a few IT directors caught alone in the crosshairs. Instead, we're seeing the C-suite taking heat, while IT departments are increasingly seen as stewards, "custodians" of company owners' data. Now that we know the state of things, just where is this cybersecurity train headed? Well, that would depend on the set of tracks.
Thankfully, we've seen a collaborative spirit taking hold in the world of cybersecurity. It makes us glad to see the shrugged shoulders and hands-in-the-air positions of years past replaced by today's business leaders, ready to stand up and own their companies' security. For while it's a major challenge, the rewards for diligence—and risks of passivity—are huge. Yet, while boundaries and responsibilities are being redefined, attackers tend to remain a step ahead, too often turning the corner before we see the need to chase.
It's become obvious: "cyber-related exposures are not diminishing, nor are they being stopped by security measures." So how to plan for the inevitable? Accepting reality is a first step. Especially in small- and medium-sized businesses (SMBs), decision makers must choose wisely when it comes to fund allocations. And the challenges stack up when your 'pool' of resources seems more like a puddle. One choice that's always in style? Cyber insurance, which in today's large-scale cyber battles has become more of a necessity than an option.
It also helps to know what NOT to do: Don't assume that you're 'too small to matter.' Just as dangerous as being 'too big to fail,' faulty reasoning can lead to unrealistic assumptions of safety, fueling inaction or a sub-par defense strategy. Essentially, you'd be holding the door open for a criminal. And that's precisely how cyber predators are hoping you'll react. A small business with connections to the bigger fish, paired with lax security measures? That's the ideal target, giving hackers the "biggest bang for their buck." Let's not give them any (more) unfair advantages.
Cybercriminals are in it for the easy money, but you're here for the long haul. With a family to support, employees to compensate and clients to serve, capital is vital. Also unlike the average cybercriminal, your responsible gaze encompasses far more than the here-and-now. And when perspectives widen, we realize just how much there is to protect.
Let's put some numbers down and make this real. IBM and the Ponemon Institute's May 2015 study put the average total cost of a data breach at $3.79 million—a worrisome 23% increase over the last two years. Homing in on small businesses, we're looking at figures on the lower end of the spectrum, but also a frightening upward trend that seems to be limitless. With an increase of nearly 140% in one year—$8,699 in 2013 to $20,752 in 2014—the future looks grim, and everyone has something to lose, from assets and industry secrets, to client and employee PII and more. We're also seeing a new "cost of doing business"—resignation of key leaders in the face of a serious data breach. Those are risks we just can't ignore.
A key way to jump on the right track is to learn to view our business as a 'data company,' regardless of industry. And while taking even everyday steps can beef up your company's cybersecurity shield, the time comes when you've got to bring in the big guns. Here's why:
"As we continue to improve in certain areas, the bad actors don't go away. They don't go out and get legitimate jobs. They simply move to another attack vector." — John Nai, CISO at PayPal
"Unfortunately in most respects, 2016 won't change much: users will still click on malicious links; IT will still be bad at patching; the bad guys will still attack; and the tide of misery from breaches will continue." — Via Forbes
Truth in every word. So as we move into another four seasons, let's be realistic: the calendar shift doesn't cause a magical time reset—there's no groundhog in this yarn, and we don't get a 'do-over' year. All the external factors that contribute to a data breach remain, and try as we may, we aren't likely to eradicate all insider threats either. And not only are the bad guys getting worse, they're arguably getting smarter too, and their attacks more personal. Many folks in the know feel that cyber perps will work more psychology into their bag of tricks, ironically using fear of an attack to lead unsuspecting employees into their net. Yep, we're shaking our heads too—How do we protect against so many variables?
The road toward protection begins with steps set firmly in reality. Merely hoping to avoid sticky situations with cybercriminals is like trying not to make eye contact—embarrassing and ineffective, not to mention awkwardly obvious. Instead, let's face this problem head-on and be honest about the threats involved. Here's a guiding principle:
"Skate to where the puck is going to be—not where it has been." — Via Insurance Journal
You're aiming to avert catastrophe, not necessarily evade the offenders, and coming 'face to face' with a cybercriminal has become a very real scenario. How to plan? You'd do what any strategist would: project the worst case, and insure yourself against the negatives. Practical steps aside, cyber insurance should be a weapon on everyone's radar. It's far more than just a savvy decision made by those in the know. In fact, in today's pervasive cyberwar, insurance against the inevitable attack has become a necessary protection. No incident response plan is complete without it. And after a year like 2015, we can understand why.
As we round the bend from past to future, let's stop for a moment and focus on the present. We've come a long way—in today's business world, innovation abounds and is ever on the rise. Unfortunately, the same is true for those trying to exploit our enterprises. We no longer have to wait for 'what can go wrong'—if we know where to look, we'll see that it already is.
So while we forge a path through these new days, weeks and months, let's place company security at the top of every to-do list. Because on the whole, while the new year brings more of the same, it also promises a whole lot of unknown—new and evolving threats, unexpected attack vectors. And while you can't plan for what you don't know, you most certainly can protect against it. Knowing that there's a strong safety net in place, you can go about building, succeeding and growing, all the while fully confident that your back—and your business—is covered.