SPOTLIGHT ON CYBERCRIME -- A Growing Threat to Your Business
Welcome again to Straight Talk, one of the ways Coranet shares perspectives on important issues and opportunities in network installation services and project management.
The decision maker research that we shared in the last “Spotlight” found that Technical Excellence was ranked at the top of the list of issues businesses care about when choosing a preferred technology support partner, especially when it pertains to network security solutions. For this Fall issue of Straight Talk, we’ll examine the current state of cybercrime -- a growing threat to the computer security of companies of all sizes, as well as an area where technical excellence on the part of the support provider can really make a difference in the business outcome of cyber-attacks.
By definition, cybercrime can be considered to be any criminal activity that takes place over a communications network. Business-oriented cybercrime spans a diverse set of activities -- from computer hacking designed to breach computer security and steal intellectual property or disrupt business operations, to theft of customer data for the purpose of financial fraud or embezzlement. The majority of cybercrime episodes remain hidden from public view, since most companies are reluctant to disclose when their computer security has been compromised. Disclosed or not, the actual business impact caused by cybercrime is huge. In a July 2013 article, the Wall Street Journal conservatively estimated that annual financial losses caused by cybercrime and breaches of computer security in the U.S. alone top one hundred billion dollars.
The What, How and Why of Business Cyber Threats
For the past nine years, an annual study of global cybercrime has been conducted by a consortium of prominent network security solutions experts from Carnegie Mellon, Europol, Deloitte Risk Management, the U.S. Secret Service, Verizon and thirteen other cybercrime-focused organizations. Their 2013 report studied over 47,000 individual cybercrime security incidents and provides a clear view of all aspects of business risk associated with cybercrime.
The report opens with a summary statement that goes to the very heart of business cybercrime preparedness (or lack thereof):
“Some organizations will be a target regardless of what they do, but most become a target because of what they do.”
The cybercrime report makes it clear that every business is at risk -- whether SMB or Fortune 100. While it’s usually the big businesses that make the headlines, in fact smaller companies are by far the more frequent targets of computer security breaches.
Big or small, the bottom line is no business can afford to be complacent when it comes to protecting itself from cybercrime.
Who are the targets of cybercrime?
62% Small/Mid Businesses
38% Larger Enterprises
Although the vast majority of computer security breaches are performed by individuals outside of the firm, the difficult truth is that nearly a fifth of cybercrime episodes are committed by individuals on the inside who have the trust of the business.
Who are the perpetrators?
About 85% Outsiders
About 15% Insiders (includes current employees, contractors, business partners)
When it comes to the “weakest link” in the business infrastructure, most managers and executives would probably be surprised that their end users represent the overwhelming choice by cyber criminals for “low hanging fruit” -- much more so than network firewalls or routers.
What are the targets of cybercrime?
71% End user devices
29% Network devices
As might be expected, greed remains the driving motivation for the majority of cybercrime episodes, although one out of four incidents had a non-financial motivation, including vengeful employees and ex-employees bent on harassment or sabotage, and bright but misguided computer hackers.
What is the motivation for cybercrime?
75% Financial Gain
25% Other (personal revenge, hacker challenges, sabotage)
How difficult were the security breaches to accomplish?
78% Low Difficulty
22% Challenging
How long to detect a computer security breach?
34% took <1 Month to Discover
66% took >1 Month to Discover
These last two views are particularly telling. As the study experts examined each of the computer security episodes in their data set, they evaluated how hard it was to compromise the business’ computer security. With nearly 80% of the intrusions being characterized as “low difficulty”, the unavoidable conclusion is that most businesses are not well-fortified or equipped to repel security attacks. This take-away is further underscored by the fact that in two thirds of the computer security intrusions, it took the affected businesses more than one month to recognize that they had been compromised.
How to Avoid Becoming a Cybercrime Casualty
As the cyber-criminal element becomes more cunning and ambitious, business network security solutions must keep pace. Putting the necessary devices and software applications in place to detect intrusions is clearly a key element in achieving a basic level of business preparedness. But it is by no means adequate on its own to successfully protect your business from attack.
The development and implementation of realistic and up-to-date computer security policies and procedures provide the essential underpinning for an effective business security approach, as does conducting regular, rigorous assessments of your potential vulnerabilities to external and internal intrusion. As the 2013 cybercrime report emphasized, ensuring an effective level of business protection is a constantly evolving “cat and mouse” situation that requires cutting-edge insights on the latest criminal intrusion tactics and malware. Although some IT teams have all of the specialized internal resources that are required, most firms are likely to need some degree of external expertise to help develop, deploy and manage a comprehensive and effective computer security solution.
Although we have been focusing on computer security breaches that take place through communication networks, it is worth noting that an effective business security strategy extends beyond cyber threats and also includes safeguarding the physical security of your sites in terms of entry, access and authentication controls.
In upcoming spotlights, we will examine the specific steps that you can take to protect your business from computer security vulnerabilities arising from the proliferation of end user mobile devices as well as the adoption of cloud-based services.