Cyber security: More important than ever

Anders Erickson, HLB USA, Risk Advisory Senior Manager at Eide Bailly

Image

Cyber security: More important than ever

13 Dec 2016

In the wake of recent hacks and leaks from large corporations including Yahoo, Home Depot and Target, the term ‘cyber security’ is making headlines. 

Threats to organisations have never been greater, and the impact of cyber threats has changed the landscape in which governments, corporations, and individuals operate. However, relatively few people truly understand the implications of cyber-attacks.

Ponemon Institute’s 2015 Cost of Data Breach Study reports that the average cost of a corporate-level attack was $3.8 million in 2015, nearly 25% higher than the year prior. Additionally, they found that businesses can expect to pay, on average, $154 per sensitive or confidential record stolen. 

In their 2015 Data Breach Investigations Report, Verizon predicts that an organisation will spend between $52,000 and $87,000 on one thousand stolen records.

This figure is only going to grow. The cost of data breaches is expected to reach $2.1 trillion by 2019, with the average cost of each breach exceeding $150 million by 2020. Data compromise and system breaches have become commonplace in our society—one billion personally identifiable information records were stolen in 2014 alone.     

Cyber security defined

Cyber security falls under the umbrella of IT (information technology) and is specifically related to the transmission of data from one place to another. When data is moved through a medium, there is always concern about it being read or intercepted. Cyber security is the protection of digital data and the systems on which it is stored, moved, and accessed across both trusted and untrusted mediums.

The need for an objective view

A mistake or malicious act in cyber security can lead to loss of data, trust, customer base and more. In certain cases, cyber risks can even lead to an organisation’s demise. To effectively manage cyber risks, boards and executives need greater transparency in their IT activities and independent evaluation of their data protection. 

While many companies maintain in-house IT capabilities, employees often lack the experience and understanding to support a well-rounded culture of cyber security—especially in smaller companies. In most organisations, IT departments are willing to provide information related to IT operations and risks, but only when requested. Departments are either engrossed in their daily work or have found comfort in independence granted by an organisation too bewildered or overwhelmed to consider what questions they should be asking IT. Because of this, it is often beneficial for companies to hire an outside consultant to take an objective look at current cyber security measures and determine whether the appropriate preventative, detective and response capabilities have been established.

The threat from within

Research conducted by the United States Computer Emergency Readiness Team (CERT) found that the most likely architects of cyber attacks are system administrators or other IT staff with privileged system access. Company and customer data, including financial, health and proprietary data, can be viewed, modified or erased by those responsible for developing and administering systems. It is important to validate the information provided by your organisation’s IT professionals with an independent assessment.  

An always evolving plan

It isn’t a question of if, but when an attack will happen.

In today’s volatile, threat-ridden business landscape, it’s imperative that companies both large and small have comprehensive cyber security plans in place. Your plan should contain both short and long-term goals and cyber security measures. As threats, regulations, markets and technologies change, successful businesses must remain agile and up-to-date with their cyber security plan. This plan should include activities such as conducting risk assessments, identifying and protecting critical data, executing network vulnerability assessments, and deploying software updates and patches.

Be proactive

It is impossible to predict the future of cyber security, but it’s important for businesses to be aware of current social and technological trends so they can be proactive in protecting their business. Working with external cyber security consultants to build a plan for preventing, detecting and responding to an attack could be the key that saves your business from the inevitable cyber-attack.


Image
Get in touch
Whatever your question our team will point you in the right direction
Start the conversation
Image

Sign up for HLB insights newsletters