Over the past few years, cyber attacks have emerged as one of the biggest global threats to businesses and governments. In September, the largest social networking platform, Facebook announced that data of at least 50 million accounts have been exposed to hackers through a breach. “Our investigation is still in its early stages. But it’s clear that attackers exploited vulnerability in Facebook’s code that impacted ‘View As’ feature that lets people see what their own profile looks like to someone else. This allowed them to steal Facebook access tokens, which they could then use to take over people’s accounts,” read a statement on the company’s blogpost.
Clearly, cyber attacks of such scale can cause major damage to any business. It comes as no surprise then that many a user are now wary of what they share on social media platforms. A Frost & Sullivan study commissioned by Microsoft revealed that a large-sized organization in the Asia Pacific region can possibly incur an economic loss of $30 million, more than 300 times the average economic loss for a mid-sized organization. This is more than seven percent of the region’s total GDP of $24.3 trillion.
In addition to financial losses, cybersecurity incidents are also undermining Asia Pacific organizations’ ability to capture future opportunities in today’s digital economy, with one in six (59 percent) respondents stating that their enterprise has put off digital transformation efforts due to cyber risks, the study emphasized.
Many organizations and cybersecurity leaders have taken the responsibility to bridge the gap between awareness and action. According to Luis Corrons, Security Evangelist at Avast, how much a cyber attack costs a company varies depending on the attack, but hacks can cost immensely. One of the global leaders of cybersecurity space, Czech Republic-based Avast has been delivering antivirus software for 30 years now.
From personal records to financial figures, the potential consequences of cyberattacks are vast and varied. Corrons says, “Not only is a company’s reputation at risk after a hack, which can result in losing customers and investors, but sensitive business information can also be compromised during a hack and this can have negative and long-lasting effects.”
In addition to financial loss, hacks can cost companies valuable information and can seriously damage the reputation of a company. “When a company is hacked, they typically need to pay for an investigation of the incident and crisis management. Additionally, companies need to cover the costs of notifying their customers and pay for any lawsuits that may result from a hack,” Corrons adds.
Mikko Rontynen, director of Product Marketing, F-Secure described bankruptcy as the worst-case scenario for cyberattacks. Finnish cyber security and privacy company, F-Secure has been fighting for a safe and secure internet for over a quater century now. “It’s not only about direct monetary losses caused by the attack, such as counterfeit financial transactions, lost IPR or customer data, manufacturing downtime etc. Think also about the impact on your brand’s reputation and customers’ trust. Legislation and compliance requirements may also define strict consequences, as an example, Europe’s General Data Protection Regulation defines a possible fine of up to 2 percent of your global annual turnover — in case you are unable to detect and report personal data breaches within 72 hours,” says Rontynen.
Similar thoughts have been echoed by Sanjay Katkar, joint managing director, and chief technology officer, Quick Heal Technologies Limited, about the threat landscape becoming more sophisticated with each passing day. “To say that cyber threats are one of the biggest challenges for modern day businesses would be a massive understatement. Over the years, various reports and studies have highlighted how organizations of sizes, across industries, are registering an exponential growth in the number of cyber attacks. Attacks are evolving dynamically, making them perhaps the biggest threat in today’s increasingly digitally-connected era,” says Katkar.
An early pioneer in the cybersecurity space, Quick Heal Technologies Limited develops security software for consumers, servers, cloud computing environments and SMEs, and sells products directly to customers in more than 40 countries globally including India, Japan, UAE, US and Kenya. Katkar says that most organisations are unequipped to deal with threats of such high sophistication and complexity. And, this is why it is more critical than ever for companies to make cybersecurity an integral part of their short-term and long-term business strategy. “Not only will this security-led approach help in protecting their assets from cyber attacks, but also in staying a step ahead of malicious threats,” he adds.
Constructing a step-by-step action plan can keep businesses safe from a possible cyber attack or security breach. Corrons provided detailed steps that organisations can take to prevent adverse risks.
He says, “Firstly, businesses need to ensure they have the right tools and technology to mitigate the threats and have antivirus software and firewalls in place. Software upgrades and patches should be implemented as soon as they are available. Firms also need to know where their most sensitive business information is stored. If they don’t know where their most sensitive data is, how can they be sure it’s secure?”
Expressing similar concern, Katkar says that organisations must also identify business-critical data and develop a viable data protection strategy. “Innovative solutions such as Encryption and Data Loss Prevention (DLP) can help in management of data, thus ensuring that important business data remains protected. Last, but not the least, businesses need to follow certain steps to ensure basic security hygiene by regularly updating softwares – security or otherwise – and installing the latest software patches as soon as they are released,” he says. Global advisory firm Gartner says by 2020, 60 percent of enterprise information security budgets will be allocated for rapid detection and response approaches, which is an increase from less than 30 percent in 2016. Rontynen stresses that organizations must invest into rapid detection and response capabilities.
“Practice cyber resilience, which refers to an organization’s ability to continuously deliver a desired outcome despite adverse circumstances and events,” Rontynen suggests, adding, “In addition to systems, services and applications, cyber resilience is concerned with leadership, teamwork and the effort an organization puts into improving its readiness and ability to recover.”
(This article was first published in the November issue of Entrepreneur Magazine. To subscribe, click here)
Article originally posted by entrepreneur.