From personal banking and business processes to government infrastructure, we live in an increasingly networked world where cyber security and trust are no longer optional.
According to an article by White & Case, cyber crime costs the global economy over $400 billion per year. Well known retailers such as Target, TJ Max, and Home Depot are among many US companies to lose customer data and credit card information in security breaches. Other organizations have lost money as a result of cyber criminals draining accounts, carrying out industrial espionage, or taking over company computer systems and demanding ransom money to unlock them.
The National Institute of Standards and Technology (NIST) warns that cyber security risk affects a company’s bottom line. It can drive up costs and impact revenue. It can harm an organization’s ability to innovate and to gain and maintain customers.
Most Companies Are Unprepared for Cyber Attacks
As of the 2015 Global Risks report, mentioned in a Forbes article, “90 percent of companies worldwide recognize they are insufficiently prepared to protect themselves against [cyber attacks].”
Forbes goes on to point out that many companies categorize cyber security as “a risk to avoid rather than an opportunity to pursue.” After all, it’s an added expense that can hinder an organization’s efforts to leap ahead technologically. But in our modern landscape of rapidly developing technologies, staying on top of increasing security and privacy threats is more critical than ever before.
One problem is that companies continue to introduce more digital innovations, but fail to adopt and adapt cyber security measures in accord with the potential threats they’ll face. Additionally, digital security in a global economy is affected by the regulations, compliance, and enforcement in the countries where a company operates. And even when a company’s leaders are proactive about investing in cyber security, its partners and vendors may not be. In fact, according to Forbes, nearly 80% of companies fail to evaluate their customers and suppliers for cyber risk. Furthermore, as organizations adopt more internet-connected devices, the potential for cyber security risk to be distributed more widely also increases.
Companies need to recognize that perimeter security—from firewalls to anti-virus protection—is no longer enough. With growing interconnectivity and interdependency comes the need to adopt a zero-trust model which assumes that all network traffic is untrusted and operates according to 3 key concepts:
- Ensure that all resources are accessed securely regardless of location
- Adopt a “least” privilege strategy & strictly enforce access control
- Inspect and monitor all traffic
A Three-Pronged Approach to Cyber Security
We live in a networked world where not even a zero-trust approach is a failsafe. The question, then, is not if but when a security breach will occur. That being said, how a company responds to and manages cyber risks becomes critical.
According to Forbes, “the key is to develop a robust approach to measuring, controlling, and responding to cyber risk.” They recommend the following three-pronged approach for managing the threats companies face in today’s expanding network landscape:
- Prevention – An aspect of cyber security that remains as important as ever, companies must continuously evolve their preventative strategies where security policies, educational approaches, and access controls are concerned.
- Detection – There is no bulletproof prevention approach in today’s ever-evolving cyber threat environment. Implementing the appropriate intrusion detection systems, therefore, is crucial in the early detection and notification of cyber compromises.
- Reaction – Detection is pointless if there is no response. Companies that approach cyber security as a competitive advantage will establish incident response plans in the same way they would prepare for recovery from a natural disaster.
Building Security Into Each Layer of Digital Ecosystems
As a company’s data and business processes become more widely distributed, its cyber security measures need to become more far-reaching. And while digital technologies increase cyber security risk, they can also help reduce it. Machine learning and big data analytics, for example, can strengthen security protections.
But hackers will try to take advantage of these powerful technologies as well. They’re always on the lookout for attack tools that enable them to breach outdated security measures and corporate vulnerabilities. Historically, hackers have also been quick to take advantage of new automation tools that allow them to carry out more sophisticated attacks on corporate and state assets.
Companies that recognize and embrace trust and security as competitive advantages will build security into each layer of their digital environments suggests Forbes:
- Secure Content: Incorporate security into all applications, ensuring the protection of products, content, and transactions.
- Secure Processes: Invest in security patch management, hardened systems, security auditing, and end-to-end incident handling, as well as a far-reaching cloud operations security structure.
- Secure Organization: Educate employees on security, create end-to-end physical security of assets, and establish a comprehensive business continuity plan.
Forward-thinking organizations will follow these principles within their own companies, as well as expecting them from their partners, suppliers, and customers.
Computer networks have always been targeted by criminals. As these networks expand, potential security breaches will increase. Companies who fail to adopt more agile and far-reaching cyber defense measures may suffer unexpected costs, operation shutdowns, legal consequences, and reputation damage.
Fortunately, there are practical ways for organizations to minimize the impact of cyber threats. With the right degree of preparation, it is possible to control damages and recover from the consequences of security breaches.
“…As cyber risk expands and the attacks result not only in financial and reputational damage but also in physical destruction, danger, or loss of life, trust will become a competitive advantage. Therefore, those companies and organizations that want to dominate their markets will approach security as a strategic investment, proactively embedding cybersecurity strategy into business strategy.” Source ~ Forbes
Taking a collaborative network approach will be critical in fighting the battle against persistent global threats to corporations, personal data, supply chains, products, and physical operations. “Trust will be the most important currency in the digital future,” says Forbes, “one that companies will have to earn and work diligently to keep.”