You’re going to be hacked, have a plan

CYBER-SECURITY

 

According to Neil Bryden, Former CISO and Info Security Strategist, the bad guys are getting even smarter. With cyber terrorism ranking #3 in the illicit marketplace, the snakes of the deep dark web are wrapping themselves around every cent they can find. How much did you ask? Try $104 billion in 2013, railing over the measly $40 billion security industry.

 

Where are we going wrong?

According to a report by the Ponemon Institute, “two-thirds of the time spent by security staff responding to malware alerts is wasted because of faulty intelligence.” And it isn’t cheap. Out of 630 IT and IT security practitioners featured in the study, Ponemon found that 395 hours are wasted each week responding to erroneous or inaccurate malware alerts, costing organizations $25,000 a week, or $1.27 million each year. This suggests that these participating organizations do not have, or utilize available security resources to detect or block serious malware.

And it looks like we’re not learning from our mistakes either.

Another report from Scott & Scott, LLP found that 46 percent of their respondents failed to implement an encryption technology solution following a breach. This is despite the fact that 74 percent of the participants reported a loss of customers, and 59 percent faced potential litigation.

Human negligence

Security breaches aren’t always a villainous scheme carried out in the caves of the deep dark web. Our Scott & Scott, LLP friends also found that nearly half of the breach incidents from respondents were attributed to lost or stolen equipment such as laptops, PDAs, and memory sticks. The second threat? Negligent employees, temporary employees, and/or contractors.

Take the French TV Network, TV5Monde, who exposed its own passwords during a TV interview earlier this year. The interview in question was held in front of several scraps of paper with one of them containing the password of the network’s YouTube account. The password? “lemotdepassedeyoutube,” or in English, “the password of youtube.”

How about an example a little closer to home? In 2012, a NASA laptop and official NASA documents were stolen from an employee’s locked vehicle. The worst part of the story? The laptop was not encrypted and contained data on 10,000 users.

What have we learned?

Going back to Ponemon’s research and the big 16,937-malware-alert-number, the study found that the time it took to identify which alerts were reliable/which alerts to investigate can be prevented by automated tools. According to their study, “organizations that have automated tools report that an average of 60 percent of malware containment does not require human input or intervention and can be handled by automated tools.” Only 41 percent of respondents in the study had automated tools to identify malware threats.

Eliminating the need to analyze tens of thousands of useless, unreliable threats is crucial for building up security defenses. Risking the distraction can be the difference of having a customer base one day and closing your business the next.

Opportunity

So we’ve heard the statistics, and the nightmare-inducing stories. Where do we go from here? Good news is, apparently these stats are actually keeping CFOs up at night. According to this article, only 10 percent of CFOs consider their company well prepared for a cyber attack. With the $1.27 million time wasting problem weighing heavy on organizations, and the ugly price tag that comes along with a data breach ($3.8 million), CFOs are a little on edge these days. According to Brian Honan, internet security expert, “lack of investing in cybersecurity can result in false economies as the cost and damage of a breach often outweigh those associated with preventing the breach in the first place.” What do we conclude from this? That IT can use this expensive consequence as an opportunity to invest in automated security tools and end-user management.

The wrap up

Have a plan. Invest in IT security to ensure the stability of your business. Educate your employees, and set restrictions on their portable devices. Lastly, utilize your CFO’s fears for proper investment.