Cyber Risk No. 3: Direct Loss From Malicious Acts

Outside the fence, Menwith Hill Spy Base. This photo was taken on the ‘Foil the Base’ demonstration in March 2003. Founded in the 1950s, (RAF) Menwith Hill has been operated since 1966 by the United States’ National Security Agency (NSA), and has grown to become the world’s largest intelligence-gathering ground station outside the US. (Photo credit: Wikipedia)
In previous posts, we’ve covered how loss or theft of confidential information and loss of reputation can affect the cyber security of a 21st Century business. Today, we turn our attention to direct loss from malicious acts (i.e. hackers, malware).  
So many businesses are open to this risk because they don’t know how to protect their security, leaving them vulnerable to malware threats that can quickly cause advertisers, partners, and customers to abandon ship. 
Perhaps scariest of all is that no business is immune.
Take the recent case of Tor, the encrypted web security browser designed to allow businesses and privacy-concerned users to browse the Internet without fear of reproach.  Tor had given so many people peace of mind until a recent malware attack, which many are attributing to the National Security Agency (NSA), toppled user confidence.
Researchers claim that malware responsible for bringing down Freedom Hosting, the biggest service provider on the anonymous Tor network, was hard-coded to send information to the NSA, reported TechWeek Europe. In one fell swoop, the product was permanently called into question.
According to Verizon’s 2012 Data Breach Investigations Report, 69% of data breaches in 2012 were attributed to malware infections. 174 million data records were lost in 855 separate incidents. The rate of infection grows each year. McAfee, in The State of Malware 2013, reported that it cataloged 100,000 new malware samples each day.
So what does data theft malware really cost us? Globally, the cost of a data breach averaged $136 per compromised record, up from $130 the previous year (2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec). With even 120 million data records (69% of the total) from 2012, that’s over $16 billion in loss from malware data breaches.
Here are two things to consider as you attempt to bring security to your business. 

  1. There are many types of malware that can threaten your system’s security, and they’re constantly evolving. You must invest your cyber security dollars with a company that is constantly aware of the changing landscape. Defence Intelligence’s Nemesis 2.0 uses advanced network behaviour analysis in conjunction with real-time intelligence to prevent and detect system compromise on your network.
  2. Attacks are inevitable.  Security experts like to say that there are now only two types of companies left in the United States: those that have been hacked and those that don’t know they’ve been hacked.  The news is full of stories of large and small companies that are compromised. Don’t be one of them.

Cyber Risk No. 2: Loss of Reputation

facebook (Photo credit: sitmonkeysupreme)
Reputation is a business’s most valuable asset. It is what keeps the customers we have and gives us new opportunities in the marketplace. Any negative event can damage that reputation, putting a business temporarily on the sidelines or even ejecting it from the game.
Since whistleblower Edward Snowden revealed the NSA had overstepped boundaries in collecting metadata on millions of Americans, companies like Microsoft, Google and Facebook have been questioned about their involvement. According to The Guardian (June 2013), the “world’s largest Internet brands claimed to be part of the information-sharing program since its introduction in 2007.” This includes Skype, YouTube, AOL and Apple. It leaves us to question how this information is being used, whether it is for government surveillance or part of their business model, but the exposure of this secret and suggested misuse of data and betrayal of trust may damage the public opinion of these giants.
These mega companies, however, can easily recover from suspicion and character damage. Their brands are household names, and the luxury of being a giant is that you are hard to topple. But what about smaller companies and their ability to recover from an unintentional data breach? Most companies collect information on their customers for no other purpose than to run their business and develop products and services. What happens when that private information involuntarily becomes public as a result of a malicious attack, whether via a former employee or malicious software controlling entities?
InformationWeek stated, while commenting on the Ponemon Institute study on the Cost of a Data Breach, “Customers, it seems, lose faith in organizations that can’t keep data safe, and take their business elsewhere.” Negative press and public mistrust are the natural consequences for loss of data, exposure to data misuse, or poor data security. These consequences are far more detrimental to the little guy. One in five small businesses falls victim to cybercrime each year and 60 percent of them go out of business within six months after the attack (National Cyber Security Alliance).
That’s why protecting your business from cyber risks — especially those placing your customers in jeopardy — will be one of the most important business moves you make.  


Is Anybody Listening? The Struggle for More Security

Communication (Photo credit: P Shanks)
You might know the immense value of IT security, but you probably know at least a few professionals who don’t. Apparently, communicating the importance of security is a difficult task for many people, so you’re not alone if you find this hard to do. 
It can be tempting for some senior executives to only look at the cost of security programs, while others are ambivalent toward their effectiveness.  But either way, the true value of IT security is not getting across, and that’s a breakdown in communication. In fact, according to Infosecurity Magazine, the authors of a study done by the Ponemon Institute for Tripwire claim, “As business leaders are required to disclose more about their organization’s security risks, those business-oriented security executives with good communication skills will be in even greater demand.”
The study – which involved IT professionals from both the US and Britain – found that approximately half of those surveyed admitted they were ineffective at letting management know about security risks. Many say it’s because the security metrics are too complex for their bosses to understand. The result is that companies are allowing security threats to stick around because management simply doesn’t know about their severity.

But with increasing dependence on technology, security risks are not going away any time soon. In fact, there are more now than ever, which means it is increasingly important for security professionals to properly communicate the risks to senior executives. Getting the point across might require the use of graphs or even the ever-popular infographics, but getting management to comprehend the value of IT security is worth the extra effort.