60 Million Malware programs are written every single year by cyber criminals. All it takes is one of these programs to steal personal information like bank account numbers, passwords, usernames, corporate data, and social security numbers. They can quickly spread throughout an entire network and are excellent at staying undetected and lying in wait for their prey. Then they strike, holding a network or computers hostage and rendering them useless. A security breach does more harm than just your computers, it hurts your company’s image and reputation, make customers lose faith in your ability to keep their information safe, and can leave you open to legal troubles and more.
So is it worth the high price of protection? Absolutely. Sure, you may not be a target of attacks for several years, but the one time you are is all it takes. Operational losses to locate and rectify the problem can be outstanding on their own, but rehabilitating the image of the company is another issue altogether. The loss of sales from those who no longer trust your ability to keep their information safe is damaging, and nothing is more harmful than word of mouth. Customers saying “Oh don’t buy from them, I heard a bunch of hackers got into their computers and took all the credit card numbers of customers” could become a huge obstacle for your marketing team. The truth may be that malware breached the system, and only had brief access to a server that had encrypted password files that was shut down immediately, but that’s not what will be said in the media or what will be passed around.
If you don’t protect your network, you are asking for media backlash and even fines. Just look at what the public reaction was to Sony being hacked back in 2011. They lost 77 million usernames and passwords to hackers; passwords that they had just sitting on a server in an unencrypted text file. The hack caused them to take their service down for almost a month. If that wasn’t enough damage, they were fined approximately $400,000 by the Information Commissioners Office, a U.K. based watchdog group. A spokesman for the ICO said (regarding Sony):
“There’s no disguising that this is a business that should have known better. It is a company that trades on its technical expertise, and there’s no doubt in my mind that they had access to both the technical knowledge and the resources to keep this information safe.”
No one will ever say managing your security is easy. Humans move 667 Exabytes (that’s 667 MILLION Terabytes) of data over the internet per year. That’s a lot of data to protect, but the worst thing you can do is wait till you get hit to react. It’s too late at that point. In 2011 alone, 30.4 million sensitive records were breached. Improving your cyber security means putting policies, procedures, and technical mechanisms in place to protect, detect, and fix problems before they are problems. This includes training staff to notice and report possible intrusions. On average it takes 20 hours for a breach to be reported, and another 9 hours for it to be confirmed. A lot of damage can be done in that amount of time. Your greatest threat isn’t the hackers, malware, or rival companies though, it’s you. If you leave the gates undefended, you are asking for them to storm the castle.
If you are worried about your network security, ask yourself these questions:
Who Should Have Access to the Network (and what parts)?
What Process of User Authentication do we use? Do we need stricter Authentication?
What Hardware or Software can be installed to help defend our Network?
What’s our plan if we were to detect a security breach?