This is part one of three in a series where we will discuss trends in the changing landscape of cybersecurity, why so many senior-level executives are in denial, and what policy changes your organization needs to make to mitigate cybersecurity risks.
Today’s security landscape is littered with data breaches, compliance and security failures for businesses of all sizes. It’s also a hot topic within the media, proving that cybercrime is a problem that affects all of us.
Here’s the problem: Each year cybercrime becomes more advanced, resulting in massive data loss, bigger payouts and more organizations going out of business. Why? Cybersecurity was not a priority in most organizations, and having anti-virus software was presumed to be the only tool needed to eliminate risk. The changing landscape, coupled with antiquated technologies, is hindering those who actually manage or process personal information, as they are either:
- not trained on current internet safety best practices or
- trained on best practices but don’t find the training effective since the behaviours of the employees never change.
Here are some other startling facts about the lack of awareness on cybersecurity.
- According to a Spiceworks study, 45 per cent of companies do not provide internet safety training. Out of this 45 per cent, 69 per cent of those employees handle, manage or process personal information. This may account for the reason that end-users keep falling prey to these phishing attacks: staff aren’t being trained, meaning they’re not abreast of best practices.
- The same study shows that while the majority of organizations offer general security awareness training, only a quarter of executives believe that this training is “very effective” at changing employee behaviours. The other 75 per cent of executives deem this information as irrelevant and often don’t train staff on best practices.
- The longer organizations go without any security breaches, the more complacent they become. Sure, a firewall, endpoint protection, spam and anti-virus protection may have been all your organization needed. Now, attacks have become multi-layered, and are infiltrating systems, backup repositories, networks, data and files all at once, making most traditional cybersecurity policies out of date.
- Larger organizations are not too worried about going out of business. The average total cost of a data breach is approximately four million, and a legal breach can be so much more, making four million a small price to pay for large organizations to retrieve their data.
- Most senior-level decision makers do not have a thorough understanding of cybersecurity issues.
- In most cases, budgets and strategy are the only two topics discussed in the boardroom. Security experts state that cybersecurity needs to be integrated as a part of your organization’s overall strategy, as opposed to keeping it solely within the IT department.
Consider your organization lucky if you have not fallen victim to cybercrime, because it’s not a matter of if your organization will be attacked, it’s a matter of when. The minimum requirements to mitigate any cybersecurity risk include: backing up business-critical data on a regular basis, having an anti-virus solution in place, and making security a part of your overall strategy to avoid costly payments or risk of closure.