Businesses rely on technology for a great many things. Not only does it help employees in their jobs and streamline internal operations, it also plays a big role in customer service solutions. Consequently, the way firms deal with security is rapidly changing.
Companies can no longer afford to invest in just physical security strategies. While it can be devastating when intruders break into business premises, much more damage can be caused by criminals infiltrating technical systems. Once they cross digital barriers, they can access valuable business and user data quickly and, in many cases, silently.
The general sentiment is that cybercrime is on the rise, and the statistics back this up. According to Get Safe Online and Action Fraud, British businesses have seen a 22% increase in cyber incidents over the past year, with total reported losses of more than £1 billion. There were also a number of high-profile data breaches in 2016 with Yahoo and DailyMotion being just two examples.
This is clearly a concerning trend, and there are increasing calls for businesses to do more to protect themselves and their customers. The fact is, though, that implementing cyber strategies isn’t easy. It can take time and prove costly, but many people and organisations believe that firms ought to take cybercrime more seriously.
The cost of cybercrime
PwC, a multi-national professional services network, has carried out a significant amount of research into business cyber security approaches and discovered some worrying trends. For example, while UK companies are investing in some cyber security methods, many firms are still naïve about cyber attacks. 18% of businesses don’t know how many cyber attacks they’ve had in the past year, and, on average, such incidents can cost companies up to £2.6 million.
Richard Horne, cyber security partner at PwC, says there are a lot of companies that don’t understand the seriousness of cyber attacks and in many cases believe that cybercrime is something that won’t affect them. This means when a situation does occur, they don’t have the resources to be able to prevent damage, causing repercussions for future growth.
“Many organisations just don’t realise how vulnerable they are. They remain in the mindset of thinking that a cyber attack just won’t happen to them, but realistically we’re now in a ‘when not if’ situation. As a result, these businesses haven’t got the right crisis planning, readiness and response in place for when the inevitable does happen,” he says.
“In moving towards becoming digital organisations over the last decade, many companies now don’t fully understand where their data lies, what it holds and what’s critical. It’s also hard to know what third parties they rely on to keep their critical data and processes secure, from outsourcers to partners and staff or even clients. As many of these digitisation programs were designed without security in mind, it’s common that they’re now open to manipulation.”
Horne insists on the importance of having the right cyber security practices in place, covering all aspects of a business. He says companies should consider this at every step of the decision-making process. “Cyber security is far more than just building security controls – it’s about changing your organisation to be securable,” he says.
Be prepared and develop strategies
Preparation is essential when dealing with cyber security threats. If companies don’t have suitable protections in place, then the damage can be much worse. Anton Grashion, EMEA senior director of product marketing at American software firm Cylance, says businesses spend too much time chasing and trying to patch up attacks after they happen.
“When it comes to protecting your organisation, prevention and preparation are the best medicine. Once a breach takes place, the business cost and business risks go up exponentially, with every second of delay resulting in further harm. IT staff are often forced to drop everything to initiate a lengthy chain of discovery, analysis, verification and remediation whilst in crisis. As time ticks by, the damage continues and costs mount,” he says.
“It’s a reasonable question to ask why the situation doesn’t seem to improve; as the industry becomes more connected, malicious actors take advantage of the vulnerabilities created by the gap between IT security and operations. What organisations are not doing very well is preventing attacks. They’re spending time and resources chasing [them] into the network at which point their data has already been compromised. The balance has shifted too far from prevention to detection and remediation and it’s a balance that’s needed.”
He adds that firms need to spend time and money creating an efficient strategy that can help them fight cyber criminals. “A pre-execution strategy is the first step in building an effective security portfolio. Identifying malicious applications before they get a chance to execute helps limit security management costs and system performance overhead,” he says.
Innovating to fight cybercrime
Automation is transforming a plethora of industries, and it can also help companies fight cybercrime. Jes Breslaw, director of strategy at data virtualisation firm Delphix, says automated processes can simplify and speed up complex, time-consuming cyber security approaches. In particular, automation can provide data masking, a way of organising company data.
“The process of masking both production and test data has traditionally been an expensive and complex task. That means companies have found it particularly difficult to limit the risk to brand reputation and unexpected fraud or identity theft, when data has fallen into the wrong hands,” he says.
“Overcoming this barrier means considering technologies that automate data masking at scale. Using data virtualisation, companies can mask data once and then ensure all subsequent copies have the same protective policies applied. As such, taking steps to drive greater visibility and standardisation into processes such as data masking, will be paramount to future proof business against both cost and compliance implications in the coming year.”
Technology is always advancing, and more firms are investing in new innovations and developing data-centric processes. With this in mind, it’s easy to assume that cybercrime is going to disappear overnight. But the fact is, it’s only likely to get worse. Companies need to start taking it seriously now.