The Risks and Costs of Cyber Security in Business Today

It is positively undeniable that the continuing advances in the Internet have had a profound impact on both our personal and our professional lives. It has become easier and more convenient than ever to connect with people all around the globe in new and innovative ways, from social media to live video and everything in between. From a business standpoint, this has also yielded remarkable opportunities to serve your existing customers better and to reach new customers more effectively.

However, as you are likely very keenly aware, there is always a price to be paid. Not a day goes by that we don’t hear about yet another malicious virus circulating around the web or yet another hacker group attempting a DDOS (distributed denial of service) attack. Cyber attacks are everywhere and businesses of all sizes need to be paying more attention to their cyber security efforts.

The Growing Threat of Cyber Attacks

A great report and infographic were posted on Business Insider earlier this year, explaining why cyber security is so important and why it will continue to be such a pivotal area of focus in the years to come.

The infographic, which was put together by BI Intelligence Senior Research Analyst John Greenough, explores several areas related to cybersecurity now and moving forward.

Think about it this way. As we put more data up on the web and as we get more devices that connect to the Internet, cyber criminals will have even more incentive to perform their nefarious acts. There may have been a bit of a leveling off of total US data breaches between 2014 and 2015, but the upward trend is obvious enough. For this reason and more, organizations and brands around the world are investing more time, money and resources into cyber coverage than ever before, to make sure they are protected from not only future attacks but also liabilities as well.

Remember that everyone is at risk here. If you use Dropbox, Facebook, and Gmail on your smartphone, you are at risk. If you receive payments from your small business customers over the Internet, you are at risk. If you are a government organization or an international mega-corporation, your data centers are at risk.

If you’ve ever had a concern about your online browsing history and personal data getting released, it might also be a good time for you to consider any of these top VPN service providers.

The Five Biggest Risks

According to the BI Intelligence report, which cites information from Raytheon’s Ponemon Institute, the five biggest risks to cyber security and the most threatened by cyber attacks are as follows:

1. Zero Day Attacks: Whenever any service provider or software developer releases a new solution or program, it is vulnerable to attack. The hackers target vulnerabilities that have not yet been found or patched in the software. This is common with a number of mobile apps, for example, as well as any new releases in operating systems. This is a part of the reason why some software developers host “hackathon” events to proactively seek out vulnerabilities before the “bad guys” use them for nefarious purposes.
2. Cloud-Data Leakage: Cloud computing and cloud storage have made running an online business infinitely easier. Take the “humble” business of blogging as a prime example. You host your website on a server and you access the back end through a web browser. You might store backups in Google Drive. The same is true with conventional businesses where employees may store what might otherwise be sensitive data to cloud services. That’s a lot of trust, because if those cloud services get hacked, a lot of sensitive customer information can leak, as was the case with the iCloud hack in 2014 that saw the leaking of celebrity private photos.
3. Mobile Malware: It has been stated multiple times in recent years that mobile is the future. In reality, mobile is the present. More people are accessing Internet services and websites through their mobile devices, like smartphones and tablets, than ever before, sometimes surpassing traditional desktop access. Mobile devices are also a treasure trove of data, from contact lists to credit card information. Unsurprisingly, hackers recognize this too.
4. Targeted Attacks: While there are more general attacks, like how a DDOS can wipe out entire swaths of the Internet at a time, targeted attacks focus their efforts on a predetermined user or organization. Some of these come from activist groups, while others could stem from criminal activity. In both cases, your business could be at risk.
5. SQL Injection: It used to be that the biggest fear was when a virus or other form of malware infected your own computer. While that is still a threat, to be sure, the scarier attack is one on a server. The hacker can insert malicious code on the server, running through to steal, delete and modify the data stored within. This could represent the compromising of all your customer data and your private records.

The Internet is a wonderfully powerful place, but it is also incredibly vulnerable to attack.

Investing More in Cyber Security

With all of these potential threats, businesses and organizations are significantly ramping up their cyber security efforts. It’s estimated that some $665 billion will be spent on cyber security initiatives between 2015 and 2020. According to Symantec, vulnerabilities were found in about three-quarters of websites around the world. That’s a very large proportion.

And, as mentioned above, this certainly is not a concern only for large corporations and government organizations. Indeed, small businesses are actually at much greater risk of cyber attack. This is because a proportionately larger part of small business worth is derived from the information it owns. If the hacker can steal that information, the direct worth of that small business is immediately diminished.

But if companies and enterprises want to invest more in cybersecurity, where should they be directing their resources? The Vormetric Global Insider Threat Report indicates that these five areas are where organizations are spending or plan to spend their money.

1. Network Defenses: Protecting data at the network level.
2. Endpoint and Mobile Device Protection: Securing individual devices against hacking.
3. Data in Motion Defenses: Protecting the data as it is transmitted from one place to another, including through more advanced encryption.
4. Data at Rest Defenses: Securing database data against attack by increasing security measures.
5. Analysis and Correlation Tools: Seeking out suspicious activity by monitoring and analyzing data flow.

Top Cyber Attacks Over the Years

Even though employees are the most cited source of data breaches, they’re obviously not the only ones to blame. A leaky infrastructure becomes a more likely target. Literally, millions of personal records are exposed each year.

Some of the more notable cyber attacks in recent memory include:

• 2005-07: Albert Gonzalez and his cohorts stole more than 170 million card and ATM numbers using SQL injection.
• 2010: PayPal hacked and customer information leaked after restricting WikiLeaks’ use of the online payment processor.
• 2011: Canadian government hacked by users with Chinese IP addresses.
• 2011: Sony PSN customer information hacked and leaked.
• 2011: Citigroup victim of brute force attack, exposing 200,000 customer accounts.
• 2012: Yahoo! hacked with customer passwords leaked on the Internet.
• 2013: Spamhaus, a popular spam-detecting solution in the UK, hacked.
• 2014: The “Fappening” leaks nude celebrity photos stolen from Facebook, Twitter, Instagram and Apple iCloud.
• 2015: Ashley Madison victim of data breach, perpetrated by The Impact Team.
• 2016: Concerted DDOS attack of Dyn DNS significantly disrupts Internet access; IoT malware blamed.

How to Protect Yourself

With rising fears of cyber attacks and the increasing need for better cyber security measures, what can you do to protect yourself from such attacks? While no solution will ever be 100% comprehensive, there are a few basic steps you can take.

Utilize two-step verification/authentication wherever possible. Use secure and unique passwords with every service that you use. Make sure that all of your online databases and data are suitably protected against attack. Keep regular, redundant backups of all your data in different locations in case any one of them is attacked. Be extra careful with any personal information you share online and how you choose to share it.

And above all else, realize and recognize that anything, everything that you upload to the Internet at any point, even if you delete it anytime thereafter, is vulnerable to attack and theft. If it’s ever been on the Internet, it’s forever and could be exposed to all to see.