According to the Identity Theft Resource Center, as of July 2017, over 700 companies were breached, nearly matching the total of all breaches in 2016. Cybercrimes are happening more often than ever. A data breach has occurred when an individual’s name plus Social Security Number (SSN), driver’s license number, medical record, or a financial record/credit/debit card is tendentially put at risk.
IBM’s Data Breach Study reports that on average, the cost per record stolen in the United States is $221, and that the average time to just identify a malicious attack is 229 days. How will that affect your company? If you run a business that processes only 10 unique records per day and your company is breached, and it takes you the 229 days to detect the attack, your total exposure is over $500,000. The potential damage can be catastrophic for you.
Cybersecurity is a one-way war; hackers attack relentlessly while businesses can only attempt to defend their assets. Thus, the only way to reduce risk is to make hackers jump through as many hoops as possible before reaching the valuable information. This is what is known as reducing the hacker’s ROI, so that the hacker moves on to a more lucrative target than you.
Now is more critical than ever to view your cybersecurity investment similar to how you would justify insurance. The premiums paid – cybersecurity investments – reduce the expenses to a fraction of what they would be without coverage. Businesses that invest in cybersecurity to protect their business end up profitable, while those that don’t are left vulnerable to exorbitant costs. Which side of that equation do you want to be on?
How can you prevent an attack when you don’t know what you are looking for?
Hackers prey on human error by stimulating strong emotions to create gaps in security. Per the same IBM report, human error comprised 23 percent of all data breaches. To establish a baseline for cybersecurity awareness, the Department of Homeland Security offers free posters and other promotional material that should be placed around the office. We also recommend quality and regular cybersecurity awareness training for your employees.
Cybersecurity and elearning
A meaningful security culture requires consistent reinforcement of cybersecurity awareness and best practices. Hackers use cutting-edge technology and their methods are volatile. If employees are only trained once a year at your company, they may be unaware of new threats and may not be up to speed on new defense practices. Employees should be regularly trained on the basics of security, especially Password Security and Email Security,
Check out courses available from Enterprise Risk Management through OpenSesame on cybersecurity topics to maximize the protection of your business today. Enterprise Risk Management is a leading Information Security and IT Risk Management firm, whose elearning courses are available through OpenSesame.