When it comes to cyber security, corporate executives are either woefully under prepared or completely ignorant about the potential threats their organization may face due to a cyber-attack. Those who have the will and the requisite technology to prevent such an attack and those who stay up-to-date with the current trends and newer threats, as they emerge, are still equally vulnerable. But how is that exactly? How real is the threat of cyber security for your organization? Let’s begin by looking at the numbers.
What the statistics say
The data on cyber security threats is distressing. And that’s not just due to the innovative nature of the attacks. The real cyber security threat emerges from the lack of preparation by organizations to stave off potential attacks. And this is where we come face-to-face with the stark reality. Many surveys and research reports highlight this lack of preparation, or sometimes even lack of basic understanding of the issue.
Let’s begin with the most recent survey, conducted in April 2016. A staggering 90 percent of the surveyed corporate executives stated that they were unable to comprehend a cyber-security report and were not sufficiently prepared to handle a major attack. Even more surprising was that around 40 percent executives believed they could not be held responsible in case of hacking or loss of customer data.
This, then, leads us to conclude that the biggest cyber security threat to any organization is the failure of the executives to recognize the lack of cyber security as a threat. It’s a troublesome thought, one that quite clearly bothers Dave Damato, chief security officer at Tanium, who conducted the survey. “I think the most shocking statistic was really the fact that the individuals at the top of an organization — executives like CEOs and CIOs, and even board members — didn't feel personally responsible for cyber security or protecting the customer data,” said Damato. “As a result they're handing this off to their techies, and they're really just placing their heads in the sand right now.”
Damato’s words cut to the core of the problem, which is that cyber security is treated as an IT problem. Usually, it is relegated to the dark corners of the office, and the technical staff is left to deal with it. This blatant disregard for securing sensitive customer and financial information, combined with management’s lack of initiative, leads to half-baked cyber security measures, as Trustwave’s State of Risk Report suggests. A majority of the organizations surveyed had partial or no methods at all in place to control and track sensitive data.
The nature of the threats
Apart from the aforementioned problems, the nature of the looming cyber security threats is also disturbing. Each year, cyber attacks grow both in number and destructive capability. Symantec’s Internet Security Threat Report lays out this problem in great detail. According to the report, the company discovered an astounding 430 million new unique pieces of malware in just 2015. This indicated a 36 percent increase from the year before. And this is just the number of threats encountered by one cyber-security company, out of many that are out there.
The report also states that over half a billion of personal records were lost or stolen in 2015. But this is not even the tip of the iceberg. The real problem lies underneath. A lot of companies simply don’t report the data breach. “In 2015, more and more companies chose not to reveal the full extent of the breaches they experienced,” according to the report. “Companies choosing not to report the number of records lost increased by 85 percent.”
What needs to be done?
This is the big question that all organizations need to answer. Yes, cyber security poses a real threat but what can organizations do to prevent security breaches? Fortunately, we have some answers. Here are some of the steps your organization may take in order to prevent cyber security threats.
Better management
The most significant way organizations need to handle cyber security is by getting involved at the top management level. Leaving it for the technical staff to deal with, will not bring you any closer to the solution. In fact, it would do just the opposite. Executives need to step up to the task and take responsibility for their actions.
“Gone are the days when cyber security was considered just an IT issue,” says Stuart R. Levine. “Now, it requires a multi-disciplinary approach for preparedness, oversight and execution. For board members, cyber security preparedness is an enterprise risk management priority, involving both management and the board.”
Employee training
One of the biggest cyber security threats facing your organization is the carelessness of the employees who handle sensitive information. Having weak passwords, losing mobile devices containing sensitive company information, and clicking on suspicious links are some of the actions of the employees that threaten the security of the company.
Therefore, companies need to comprehensively train their employees on cyber security and the proper way to handle company information. By learning to protect themselves online, the employees can also be better prepared to handle company data.
Data encryption and security updates
Data encryption and running patch management programs on potentially vulnerable software are the two of the most basic steps that you can take to prevent cyber-attacks. It is essential not just to encrypt all cloud-based data but to use strong encryption, for instance the AES 256-bit. It is also essential to regularly update and patch all office software to protect them from vulnerability due to latest cyber threat.
Only with a comprehensive approach, focusing on all possible weak points, can your organization ensure maximum cyber security.