Cyber Security in Some of the World's Biggest Businesses
For all the advantages that the internet has brought to the world, it has also introduced some distinctly unwelcome additions. Arguably, the biggest of these are the multiple cybersecurity threats facing businesses of every size and in virtually every industry. The statistics are incredible. Cyber threats and data breaches are estimated to cost a business an average of $3.9 million per breach, and the cost of cybersecurity for a company averages out at around $1,800 per employee a year.
Figures like these go to prove that cyber threats are not simply a drain on a company’s time and efficiency; they cost a great deal too. And, in a period of economic uncertainty, this may even bring the financial viability of many businesses into question. In short, many may just be one cyber-attack away from collapse. It’s not simply the cost of the attack; it’s also the reputational damage that it can cause. So even if the hacking, phishing or other form of assault can be contained, its aftermath may not be so simple to control.
The main forms of attack
Predictably, there has been a great deal of research carried out into the main forms of attack, with some fairly surprising results.
By far the most usual attempt made by hackers is to launch a phishing attack. Over 57% of companies claim to have suffered one of these in the last year. This particular example also relies on what is generally considered to be the weakest link in the security chain – human fallibility. It just takes one employee to be taken in by a fake email to unleash a chain of events that can be quite catastrophic.
A great deal of attention has also been paid to the emergence of DDoS attacks, in which a network of bots co-ordinate their efforts to overwhelm a company’s website. The aim is either to hinder a business’s ability to operate and demand a ransom for calling off the attack, or to create a diversion so hackers can get to work on another part of the company’s IT infrastructure. These attacks may be high profile and hit the headlines, but under 30% of businesses experience them.
Other threats include the introduction of trojans and other malware in order to infect the system, with 47% of businesses experiencing this at least once a year. Lesser dangers include attempts to crack passwords, which 37% of businesses have experienced, as well as the exploitation of security gaps presented by out-of-date software and systems. Just 25% of businesses have reported being victims, a relatively small but still not insignificant figure.
The steps that businesses take
The good news for businesses is that there is a great deal of help and advice available to them when it comes to employing comprehensive cybersecurity measures. Online magazines can be a particularly effective aid, as these will include regularly updated information about new threats as they emerge. This, in turn, can help organizations to refine and improve their own cybersecurity procedures and protocols to be ready for threats when they arise.
It’s fair to say that virtually every sector finds itself under threat, but the threat is especially prevalent in organizations that handle both large sums of money and large volumes of personal customer data. This means that banks and other financial services companies will always find themselves in the firing line. But other, more unexpected, sectors are also firmly in the sights of cyber criminals.
One example is the online casino industry, which has a very similar profile to a financial institution in its money and data-holding practices. But its added appeal to hackers is that it provides the opportunity to cheat the normally random programs that run the games themselves. As a result, casinos are often a target of elaborate scams. As famous gambling author John Grochowski covers in detail in his fascinating post on slot machine cheats, random number generators (RNGs) are often the target. In the past, a group of Russian criminals infiltrated a Las Vegas casino, cracking the RNGs and making a fortune. Their luck soon ran out, though: four men were arrested on federal charges of conspiracy to commit fraud.
As already mentioned, employee fallibility is generally considered to be the reason for most attacks. So, it’s incumbent on all businesses to ensure that the people who work for them know all about the risks as well as their responsibilities. This starts with the various cybersecurity policies that employees should all be aware of, including the use of extra secure passwords as well as the appropriate level of encryption.
The increasing amount of remote working has also opened up many more potential security gaps, for example through the use of unsecured networks, so VPNs are increasingly being used.
All businesses should also have a very definite and well-defined internet and email usage policy that ensures that risky behaviour and potentially dangerous sites are avoided.
Naturally, not all of the blame for cyberattacks can be pinned on employees. Weaknesses in the IT architecture and infrastructure can also often be responsible. This is why it’s so important for businesses to invest sufficiently in anti-phishing, spam and malware protection. It is also very important to run the very latest versions of software and to apply any security patches that become available as soon as is practical.
Looking to the future
There’s very little doubt that cyber-attacks will continue to become both more common and more sophisticated as time goes on. So, it is going to become more and more important that businesses of every kind are well-equipped to deal with them. This will involve the investment of both time and money. But without this investment, any organization’s very existence may be under threat.
Even more risks are also likely to emerge. For example, the much heralded “internet of things” may well provide multiple entry points for hackers. But if businesses are prepared, hopefully the majority of these will turn out to be dead ends.