One more 365, come and gone. Our hyperconnected lives keep us always on the lookout for the next update, the hottest feature, the latest trends for the new year. But then that's also just how we're wired. Yet while we love to leap ahead, a look back can be beneficial too—good, bad or average, it informs our journey forward, gives us a benchmark for comparison.
So before this year kicks into high gear, let's do a little glancing back, a bit of gazing toward the future. Zeroing in on the cybersecurity scene we'll note some trends, and find where true security lies.
The focus on cybersecurity has never been more intense. After a year of large-scale breaches—ranging from scary to scandalous—we gained a clearer perspective on cybercriminals' motivations. It turns out, while it's generally all about the benjamins, we're seeing an (ironically) heightened morality of sorts among cyber perps. Whether it's hacktivism, or exposing shady business practices, it seems there are more 'reasons' than ever for hackers to do their thing, feeling justified in wreaking havoc.
Keeping in time then, more folks out there—C-suite and IT alike—are voicing this truth: "'One size fits all' is no longer a valid strategy." With widely varied attack methods and motivations, that's really to be expected. Experience has also borne out that developing a "cyber security culture" within businesses is a pivotal weapon in our arsenal against constantly menacing threats. In fact, finding ways to effectively communicate across internal company lines builds a solid foundation for prevention, protection and awareness.
Along with protective measures, culpability has shifted too: no longer are a few IT directors caught alone in the crosshairs. Instead, we're seeing the C-suite taking heat, while IT departments are increasingly seen as stewards, "custodians" of company owners' data. Now that we know the state of things, just where is this cybersecurity train headed? Well, that would depend on the set of tracks.
Thankfully, we've seen a collaborative spirit taking hold in the world of cybersecurity. It makes us glad to see the shrugged shoulders and hands-in-the-air positions of years past replaced by today's business leaders, ready to stand up and own their companies' security. For while it's a major challenge, the rewards for diligence—and risks of passivity—are huge. Yet, while boundaries and responsibilities are being redefined, attackers tend to remain a step ahead, too often turning the corner before we see the need to chase.
It's become obvious: "cyber-related exposures are not diminishing, nor are they being stopped by security measures." So how to plan for the inevitable? Accepting reality is a first step. Especially in small- and medium-sized businesses (SMBs), decision makers must choose wisely when it comes to fund allocations. And the challenges stack up when your 'pool' of resources seems more like a puddle. One choice that's always in style? Cyber insurance, which in today's large-scale cyber battles has become more of a necessity than an option.
It also helps to know what NOT to do: Don't assume that you're 'too small to matter.' Just as dangerous as being 'too big to fail,' faulty reasoning can lead to unrealistic assumptions of safety, fueling inaction or a sub-par defense strategy. Essentially, you'd be holding the door open for a criminal. And that's precisely how cyber predators are hoping you'll react. A small business with connections to the bigger fish, paired with lax security measures? That's the ideal target, giving hackers the "biggest bang for their buck." Let's not give them any (more) unfair advantages.
Cybercriminals are in it for the easy money, but you're here for the long haul. With a family to support, employees to compensate and clients to serve, capital is vital. Also unlike the average cybercriminal, your responsible gaze encompasses far more than the here-and-now. And when perspectives widen, we realize just how much there is to protect.
Let's put some numbers down and make this real. IBM and the Ponemon Institute's May 2015 study put the average total cost of a data breach at $3.79 million—a worrisome 23% increase over the last two years. Honing in on small businesses, we're looking at figures on the lower end of the spectrum, but also a frightening upward trend that seems to be limitless. With an increase of nearly 140% in one year—$8,699 in 2013 to $20,752 in 2014—the future looks grim, and everyone has something to loose, from assets and industry secrets, to client and employee PII and more. We're also seeing a new "cost of doing business"—resignation of key leaders in the face of a serious data breach. Those are risks we just can't ignore.
A key way to jump on the right track is to learn to view our business as a 'data company,' regardless of industry. And while taking even everyday steps can beef up your company's cybersecurity shield, the time comes when you've got to bring in the big guns. Here's why:
"As we continue to improve in certain areas, the bad actors don't go away. They don't go out and get legitimate jobs. They simply move to another attack vector." — John Nai, CISO at PayPal
"Unfortunately in most respects, 2016 won't change much: users will still click on malicious links; IT will still be bad at patching; the bad guys will still attack; and the tide of misery from breaches will continue." — Via Forbes
Truth in every word. So as we move into another four seasons, let's be realistic: the calendar shift doesn't cause a magical time reset—there's no groundhog in this yarn, and we don't get a 'do-over' year. All the external factors that contribute to a data breach remain, and try as we may, we aren't likely to eradicate all insider threats either. And not only are the bad guys getting worse, they're arguably getting smarter too, and their attacks more personal. Many folks in the know feel that cyber perps will work more psychology into their bag of tricks, ironically using fear of an attack to lead unsuspecting employees into their net. Yep, we're shaking our heads too—How do we protect against so many variables?
The road toward protection begins with steps set firmly in reality. Merely hoping to avoid sticky situations with cybercriminals is like trying not to make eye contact—embarrassing and ineffective, not to mention awkwardly obvious. Instead, let's face this problem head-on and be honest about the threats involved. Here's a guiding principle:
"Skate to where the puck is going to be—not where it has been." — Via Insurance Journal
You're aiming to avert catastrophe, not necessarily evade the offenders, and coming 'face to face' with a cybercriminal has become a very real scenario. How to plan? You'd do what any strategist would: project the worst case, and insure yourself against the negatives. Practical steps aside, cyber insurance should be a weapon on everyone's radar. It's far more than just a savvy decision made by those in the know. In fact, in today's pervasive cyberwar, insurance against the inevitable attack has become a necessary protection. No incident response plan is complete without it. And after a year like 2015, we can understand why.
As we round the bend from past to future, let's stop for a moment and focus on the present. We've come a long way—in today's business world, innovation abounds and is ever on the rise. Unfortunately, the same is true for those trying to exploit our enterprises. We no longer have to wait for 'what can go wrong'—if we know where to look, we'll see that it already is.
So while we forge a path through these new days, weeks and months, let's place company security at the top of every to-do list. Because on the whole, while the new year brings more of the same, it also promises a whole lot of unknown—new and evolving threats, unexpected attack vectors. And while you can't plan for what you don't know, you most certainly can protect against it. Knowing that there's a strong safety net in place, you can go about building, succeeding and growing, all the while fully confident that your back—and your business—is covered.
These Terms & Conditions govern your use of this website; your use of this website indicates your acceptance of these Terms & Conditions in full.
Kindly note that the information and content provided on this website does not constitute professional advice. Although we do our best to keep everything on this site correct and up-to-date, we do not guarantee the completeness or accuracy of any information provided on this website. Improvements and/or changes in the products, services and/or programs described on this website may be made at any time without notice. We must also advise that hypertext links to other websites do not constitute an endorsement, nor do we guarantee any information provided by those sites.
While we do love when users share what they find on our website, it may be used or shared only for personal purposes. The information and content provided on this website is owned or licensed by Zinc, and should not be used or disseminated for any profit or gain.
While using this website, please be aware that no insurance coverages can be bound and no amendments, supplements, or modifications can be added to your policy, new or existing, unless and until you have received a written binder from us or your insurance company.
For users outside of the US: We make no claims that the content on this web site is appropriate or may be downloaded outside of the United States. If you access the site from outside the United States, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction.
Even though we work hard to ensure the security and safety of our website and its users, we cannot and do not guarantee that this website will operate error-free, nor that this website and its server are without computer viruses or other harmful material. If your use of this website or material from it results in any costs or expenses, we will not be responsible for those costs or expenses. This website and its materials are provided without any warranties of any kind, to the fullest extent permitted by law.
Please bear in mind that we will not be liable for any losses or damages arising under these Terms & Conditions or in connection with this website, whether arising in tort, contract, or otherwise – including, without limitation, any loss of profit, contracts, business, goodwill, data, income, revenue or anticipated savings.
Finally, if for any reason any portion or provision of these Terms & Conditions is ruled to be unenforceable, that provision will be enforced to the maximum extent permissible so as to affect the intent of the Terms & Conditions, and the remainder of the Terms & Conditions will continue in full force and effect.
Thanks for getting in touch! You'll receive a confirmation email shortly.