
Businesses #leaders need to take the #reins with #cyber security

Source: National Cyber Security – Produced By Gregory Evans

Recent high-profile incidents are yet again highlighting the damage that cyber-attacks can do to a company’s reputation, customer relationships and, of course, bottom line. It tells us one thing – businesses are still not doing enough to combat these threats.

Findings from our Advanced Trends Report 2017 reinforce this worrying state of information security, with nearly one in five (18%) British businesses admitting to being unprepared for a cyber-attack. It’s not good enough – in the face of digital disruption, cyber security is critical.

This can’t be stressed enough. While digital innovation presents a huge opportunity for our economy, it also goes hand in hand with a need for greater emphasis on cyber security.

The growing infiltration of, and dependency on, the Internet, along with technology trends such as the Internet of Things (IoT) and Artificial Intelligence (AI), is changing how we do business and therefore widening the area of opportunity for attack. Now more than ever, it is vital that organisations fully appreciate the risks of cyber crime and take the necessary steps to mitigate them.

The consequences for firms that fail to implement robust cyber security measures are stark – ranging from severe operational disruption to financial losses, redundancies or even bankruptcy.

This is echoed by recent high profile attacks, which show that organisations are not detecting attacks quickly enough, are slow to respond to them and do not understand the impact of an attack on their business once it is underway.

What’s more, the ways in which cyber criminals attack are becoming more sophisticated. While the Government has greatly increased its cyber crime budget, it is down to organisations to take control and create a culture of security which needs to be led at all levels and backed up with robust policies created and maintained to reduce and detect risks early and regularly.

A good internal culture will also make the management of data easier, will carry on through to all interactions with external relationships and hopefully encourage clients and partners to be more security conscious too.

Britain’s success in the digital era – dubbed the fourth industrial revolution – therefore goes beyond simply investing in new technologies and techniques. It requires cultural shifts, new business models and the ability to adapt and innovate. But above all, it requires strong leadership.

Responsibility at board level

The increased threat of cyber attacks and impending General Data Protection Regulation (GDPR) place significant responsibilities on business leaders to ensure every employee understands how to protect corporate and personal data.

Unquestionably, the entire leadership team needs to be on board, driving this change. However, according to the same Advanced report, nearly one in three (31%) UK employees have no confidence in the leadership of their company to create and run a modern digital infrastructure. This is very troubling, given that a successful digital infrastructure is dependent on effective security and data protection measures.

Leaders urgently need to get a handle on the regulation and security challenges if they are to move forward in the digital era. They shouldn’t leave anything to chance and should ensure cyber security is high on their agenda, calling on third party experts if they need specialist support. Why? Because the consequences in today’s business landscape are frightening.

While we know a breach can affect a company’s reputation, customer relationships and bottom line, we have increasingly seen leaders lose their jobs as a result – most notably former CEO Dido Harding at TalkTalk. But the repercussions of a data breach or loss would be even more damaging if a company failed to safeguard its data under the GDPR. Equifax, for example, could have been fined up to $124 million if the regulations had already come into effect.

The bottom line is that cyber resilience is critical for every organisation. No one is immune, which is why cyber security must be a top-level priority for organisations, from the boardroom down. Only then can leaders (and their employees) confidently adopt innovations from IoT to AI and make the right investments for their digital future.

The post Businesses #leaders need to take the #reins with #cyber security appeared first on National Cyber Security Ventures.

Can Cybersecurity Overconfidence Lead To Extinction For Businesses?

Source: National Cyber Security – Produced By Gregory Evans

In the first half of 2017, we have seen plenty of cybersecurity headlines, from the recent WannaCry attack to hacks on Gmail and Chipotle, as well as hundreds of Twitter accounts like CNN. It seems that cyberattacks are increasingly becoming the “norm.” These cybersecurity breaches aren’t to be taken lightly either. Companies can suffer huge financial losses and, just as importantly, reputational damage that has lasting negative effects on businesses.

Despite high-profile hacks and attacks happening on a more frequent basis, enterprises and small to medium-sized businesses (SMBs) are surprisingly confident in their cybersecurity preparedness. Companies are maintaining that their cybersecurity defence is continually being ramped up, and more investment is being made each year to maintain that level of confidence. There also seems to be a common belief that “it won’t happen to us.” Unfortunately, this belief simply doesn’t hold true.

The Stark Reality

According to research conducted on 400 SMBs and enterprises in the UK and US, almost all businesses – 87 percent – have complete trust in their security techniques and technology. More than half even believe they are less vulnerable than they were 12 months ago. And given that 61 percent said they were about to receive a substantial boost to their cybersecurity budgets, it’s easy to see why businesses are confident in their preparedness.

It’s not just high-level assurance either. When asked, businesses were confident in their ability to tackle very specific threats. For instance, half were certain that if a mobile device was stolen, they would know exactly what data was on that device and the level of risk to the business. Fifty-seven percent were also sure of the measures they have in place to protect clients’ and employees’ personally identifiable information (PII).

For all the self-assuredness, 71 percent still admitted they had been breached in the last year. And with only 29 percent reporting a breach in 2016, businesses’ overconfidence in cybersecurity is somewhat alarming. It’s even more alarming when you consider that 77 percent reported a tangible loss, such as the loss of a customer or partner, monetary loss, or operational impact such as downtime.

The Cost Of Cyber Attacks

In hard commercial terms, what does a cyber-attack cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications?

When taking into consideration the average number of records held for SMBs (5,000) and enterprises (6,000), along with the standard cost of a stolen record calculated by IBM and Ponemon as £122/$157 (which factors direct and indirect costs, as well as brand damage, and the impact on future customer acquisition), the typical cost of a breach to an SMB is £59,000/$76,000. For a larger enterprise, the average cost is £724,000/$939,000.

No company can afford this degree of liability. So why does the vulnerability exist? And what can businesses do to prevent such attacks taking place?

The Seven Pitfalls Of Cybersecurity

It seems there are seven pitfalls that are opening UK and US businesses to cyberattacks and huge financial liabilities.

The first is inconsistency in enforcing security policies. A security policy is only helpful to businesses if it is enforced and its suitability is regularly checked, but businesses aren’t enforcing their security policies. Only a third can claim their security policies are reliably applied and regularly audited. The rest either only enforce them occasionally, fail to audit them, or have no policies in place at all!

The second pitfall is negligence in the approach to user security awareness training. Training plays a huge role in cybersecurity preparedness, but only 16 percent consider it a priority. A massive 71 percent pay lip service to security awareness as a one-off event at employee on-boarding, or at best are only reinforcing it once a year.

The third is that businesses also appear to be short-sighted when it comes to the application of cybersecurity technologies. Six out of nine of the top cybersecurity technologies were deployed by fewer than a third of businesses. Web protection, email scanning, and anti-malware had each been rolled out by only 50-61 percent of businesses, but the remaining six (including firewall rules and patch management) had been deployed by only 33 percent at the most (SIEM), or 25 percent at the lowest (intrusion systems).

The fourth is complacency when it comes to vulnerability reporting. Fewer than a third (29 percent) say their reporting is robust. Surprisingly, 19 percent have no reporting, and a further 11 percent have no plans to investigate the usefulness of vulnerability reporting.

But it’s not just a lack of reporting on vulnerabilities—the fifth pitfall is inflexibility when it comes to adapting processes and technologies after experiencing a breach. After a breach, only 44 percent implemented new technology, and only 41 percent changed their processes.

The sixth is that businesses are stagnant when it comes to applying key prevention techniques, with the majority of businesses failing to adopt the leading prevention techniques. While the most prevalent technique was full disk encryption on mobile and portable endpoints, this was only performed by 43 percent of businesses.

The seventh and final cybersecurity pitfall is lethargy around detection and response. In fact, detection, response, and resolution times have all increased compared to 2016.

Business Best Practice

While it is overwhelmingly clear that SMBs and enterprises are overconfident in their cybersecurity preparedness, this confidence does create an opportunity for managed service providers (MSPs). First, MSPs can offer cybersecurity training to customers. Training can make a huge difference in your clients’ security. Whether it’s offered as a service to build revenue, or it’s given for free to provide retention, training can cut down on the number of security incidents. That translates to fewer emergency calls and, ultimately, happier clients.

MSPs can also prepare their customers with disaster drills—just like marketing teams practice their responses to PR crises, financial services organisations stress test their portfolios, and logistics teams plan for transportation hubs closing down unexpectedly. MSPs can practice disaster events with clients, both in terms of technology and processes, to discover weak points and make improvements. Are the lines of communication and equipment sufficiently robust? Are expectations and metrics reasonable? MSPs are also likely to find a few upsell opportunities while doing so.

But the onus isn’t just on the customer. MSPs also need to make sure that their own security practices are up to scratch. MSPs should review practices and their security technology stack not only for current best practices, but with an eye to the future too. Does security meet the current and future needs of the typical SMB or enterprise? Does it work well across on-premises, cloud, and hybrid environments? Can clients in highly-regulated verticals be served?

Finally, MSPs should determine the partnerships or skills they will need to deal with cyber-attacks. Many security incidents require specialists to handle—so whether it’s warding off DDoS attacks, protecting IoT at an architectural level, or implementing digital forensics incident response, MSPs need to either hire expertise in-house, or partner with someone that can handle these. You never want to have to build new skills in the middle of a crisis.

Preparing For The Worst

Businesses need a stark reality check. While they are confident in the processes they have in place, the truth of the matter is that businesses are failing to implement the technology and techniques that could save them hundreds of thousands of pounds. And businesses are naïve to think that cybercriminals won’t capitalise on this overconfidence. But all is not lost. With the right approach, relationships and tools, businesses can help to ensure that they don’t fall victim, and aren’t yet another headline.

Third-party #cyber security failures cost #businesses the #most

Source: National Cyber Security – Produced By Gregory Evans

Third-party cyber security failures are costing businesses the most – up to £1.5m – as security budgets shrink, a study by Kaspersky Lab and B2B International reveals

Companies suffer the greatest damage as a result of cyber security incidents relating to their partners, according to research.

This is the finding of a study examining whether cyber security is a cost centre or a strategic investment by Kaspersky Lab and B2B International.

Incidents affecting infrastructure hosted by a third party cost small businesses £106,000 on average, while large enterprises lost nearly £1.5m as a result of breaches affecting suppliers they share data with, and £1.2m because of insufficient levels of protection at providers of infrastructure as a service (IaaS).

These findings indicate that companies should not only invest in their own protection, but also pay attention to that of their business partners.

As soon as a business gives another organisation access to its data or infrastructure, the report said weaknesses in one may affect them both.

There is a growing list of examples of data breaches that can be traced to third-party suppliers, from the Target breach in 2013, to more recent cases such as insider trading by hacking newswire services and fraudulent tax claims by compromising a feature on the US Internal Revenue Service website that was hosted by a third party.

This issue is becoming increasingly important as governments worldwide introduce legislation requiring organisations to provide information about how they share and protect personal data.

“While cyber security incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of the enterprise business division at Kaspersky Lab.

“This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR [General Data Protection Regulation] become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill,” he said.

According to the study, 63% of companies are investing in cyber security regardless of return on investment (ROI).

However, the study also shows that businesses around the world are starting to view cyber security as a strategic investment, and the share of IT budgets that is being spent on IT security is growing, reaching almost a quarter (23%) of IT budgets in large corporations.

This pattern is consistent across businesses of all sizes, including very small businesses where resources are usually in short supply. However, while security appears to be receiving a larger proportion of the IT budget, the overall budget is getting smaller. For example, the average IT security budget for enterprises in absolute terms dropped from £19.2m in 2016 to £10.3m in 2017.

As security budgets shrink, the cost of security breaches is going up. In 2017, small to medium-sized enterprises (SMEs) are paying an average of £66,800 per security incident, compared with £65,900 in 2016, while enterprises are facing costs of £756,000 in 2017, up from £655,000 in 2016.

To help businesses with their IT security strategies, based on the industry threat landscape and specific recommendations, Kaspersky Lab has introduced an IT Security Calculator.

The tool is aimed at providing a guide to the cost of IT security based on the average budgets being spent, security measures, the major threat vectors, money losses and tips on how to avoid a compromise.

 

Local small businesses may be at risk for hackers

Source: National Cyber Security – Produced By Gregory Evans

In the city of Rockford, small businesses are on every corner. Each one is a potential target for hackers.

“When you consider that 97 percent of all U.S. businesses are small businesses, the economic impact of hacking can be astronomical,” said Director of Rockford Better Business Bureau, Dennis Horton.

The Better Business Bureau is working to bring awareness to the impact one unknown click can have on a small business.

“90 percent of them are through phishing e-mails. And through those phishing e-mails usually you will find ransomware or other malicious software,” said Horton.

The owners of Rockford Art Deli say they’re keeping an eye out for these types of e-mails.

“You know, you try to do as much as you can and it can still get through, but if it did happen, as a cash-based business, they can drain your accounts and, you know, you’re out until that comes back in,” said Rockford Art Deli Owner, Jarrod Hennis.

Hennis says he recently got an e-mail from what seemed to be another local business, but after some digging that wasn’t the case.

“It was a random e-mail from a lender in town actually and it just had a link, everything looked legit when you went and clicked on it. But since I knew nothing was coming and I had nothing in the works, I didn’t click on it. So I kinda did some research on it before we opened it and you could tell it was fake,” said Hennis.

Horton says one of the least-known facts is that business owners are held responsible.

“Their business accounts, their bank accounts, were hacked and they suffered a loss that banks are not responsible for that loss,” said Horton.

And being out of business can be detrimental.

“50 percent of them said that after a month they would probably be out of business, if they were not able to recover that data,” said Horton.

Cybersecurity Best Practices for Small Businesses

Source: National Cyber Security – Produced By Gregory Evans

The impact of the Equifax data breach that compromised the personal data of over 145 million individuals has left many confused, frustrated and downright angry. And while massive attacks on large corporations make headlines, small businesses have just as much, if not more, at stake. According […]

Third party Cybersecurity Failures Cost Businesses the Most

Source: National Cyber Security – Produced By Gregory Evans

While more companies are investing in cybersecurity regardless of ROI (63% in 2017 compared to 56% in 2016), a new study from Kaspersky Lab and B2B International has found that the average cost of a cybersecurity incident is growing. According to the report ‘IT Security: cost-center or strategic investment?’, the…

Hacking fears take small businesses offline

Source: National Cyber Security – Produced By Gregory Evans

After Ken Taylor’s personal computer was hacked he is concerned about the impact hacking would have on his restaurant Templestowe Living Room. “I went into a website which was a bogus site and it basically took a hold of my computer,” Taylor says. “I got a […]

Cybercrime proliferates against banks, other businesses

Keep employees off the Internet and have workers avoid clicking on any attachment or link in an email. Those are the only sure ways to avoid cyberattacks, according to three experts who spoke today at the North Bay Business Journal’s conference on cybersecurity in Rohnert Park. Maybe it sounds severe…

For Cybersecurity, Independent Contractors Should Think Like Big Businesses

Source: National Cyber Security – Produced By Gregory Evans

The cyber insurance market is expected to grow, by a lot. Researchers at PricewaterhouseCoopers predicted in 2015 that the market would hit $7.5 billion in annual premiums by the end of the decade (and at least $5 billion by next year). With recent high-profile attacks like WannaCry, cyber insurance demand…

Cybersecurity Tips for Small and Medium-sized Businesses

Source: National Cyber Security – Produced By Gregory Evans

When it comes to ransomware, big businesses get all the attention in the press, which might lead one to think that this kind of cyberattack only targets companies with a big name. But this is far from the truth. On a global level, 43% of attacks are aimed at small…
