According to CBS news, there are more than 4,000 cyber attacks per day. Nearly 160 million pieces of sensitive data were hacked in 2015, and Forbes published estimates that cyber crimes inflict six trillion dollars in damage each year. But that doesn’t include the cost to businesses in terms of tarnished brands and damaged customer relationships.
Cybersecurity is a constant battle, and experts engage in approximately three skirmishes every second of every hour, 24/7, including holidays. Cyber criminals use sophisticated tools that don’t take vacations but do work overtime with round-the-clock shifts.
To wage war against this kind of constantly aggressive threat, security professionals rely on training, vigilance, and superior technology. They also acknowledge that the weakest link in any cybersecurity system is the human element, which makes this kind of crime fighting particularly difficult.
A pre-rehearsed plan is vital in any crisis or emergency. Things may not always go exactly according to plan. But without a plan, things quickly descend into panic and chaos. Defending critical cyber assets is much easier and more effective when done in a deliberate, organized manner. But an IBM survey revealed that only 25 percent of companies have a formalized organization-wide cyber attack incident response plan.
The action plan should include protocols for prioritizing which assets deserve the most robust protection, and which people should head-up the incident response. That requires a clearly delineated chain of cybersecurity command and responsibility, plus open channels of communication. Experts constantly emphasize the need for such preparations, coupled with cybersecurity “fire drills.”
Oftentimes it may be more efficient and cost effective to outsource cybersecurity to a team that specializes in hardening networks, countering hacks, and responding to breaches. In especially serious incidents, that outreach may include law enforcement agencies like the FBI and U.S. Secret Service. They have extraordinary assets and capabilities that can be deployed to identify and defend against threats.
The Global Commission on the Stability of Cyberspace (GCSC) also exists as a worldwide collaborative partnership between companies like Microsoft and governmental agencies. The GCSC works to develop ways to safeguard the internet and prevent cyber crimes. One of its supporters is BlackHat, a world leader in cybersecurity. For more than 20 years, Black Hat has hosted annual conferences to provide expert cyber defense training and insightful cybersecurity briefings.
Harvard Business Review points out that encrypted products are some of the best preventative tools, as well as content filters, firewalls, and threat detection systems. Experts also recommend multi-factor identification to prevent unauthorized access to networks and email systems and PCI-compliant payment portals. But human error is a significant contributing factor in 95 percent of cybersecurity incidents, according to IBM.
A team member neglects to update a software patch or an employee clicks on an email with a virus attachment. Someone inadvertently exposes a business server to hackers through a network administrator misconfiguration. Their insecure laptop or log-in credentials are stolen, or a weak password is hacked. That’s where constant reminders and training in best practices can be even more valuable than that the most expensive and sophisticated IT infrastructure. Reducing human error can also be done without any cost whatsoever. That’s why the Small Business Administration recommends that these fundamental precautions and basic, commonsense protocols should be high priority for every business.