A Cybersecurity Plan to Reduce the Growing Risk of Cyberattacks

Learn why it is important to track the expanding and evolving trends in cyberattacks, and how more attention to cybersecurity efforts can reduce the risk of loss.

Unwanted intrusions and cybercrimes shake confidence in your business. Public consulting firm Accenture reported in its 2019 Ninth Annual Cost of Cybercrime Study, co-authored with Michigan-based Ponemon Institute, that the value of cybercrime on a per-organization basis increased more than eight times (829 percent) from $1.4 million (USD) to $13 million (USD). Additionally:

  • The global risk (loss) value over the next five years (2019–2023) to companies that do not address their cybersecurity vulnerabilities is $5.2 trillion (USD).
  • Security breaches increased 11.5 percent between 2018 and 2019, from an average of 130 to 145 per organization.
  • Cyberattacks are evolving and the targets of these attacks are expanding. While information or data remains the number one target of cyberthieves, their attacks are expanding to include industrial controls and people (by way of phishing scams and ransomware).

These trends in cybercrimes are, at the very least, alarming. They should serve as a wakeup call to businesses such as yours to beef up cybersecurity efforts, protect the integrity of your data and systems, and keep users from becoming victims of cyber scams. This requires more than vigilance; it is time to commit to learning the techniques businesses like yours employ to mitigate the risk of cybercrimes.

Protecting Data is Not Just A Priority – It is Becoming Law

The growing number of attacks and their impact on businesses have resulted in unified privacy legislation among European Union (EU) member states and sectoral laws passed in the U.S. The EU’s approach, the Data Protection Directive, first passed in 1995, has been superseded by the European General Data Protection Regulation (GDPR), which was passed in 2014 and became effective as law in 2016. The GDPR provides enhanced protection directives for the transfer of data in and outside the EU and non-EU members within the European Economic Area (EEA).

The U.S. (sectoral) approach involves the passage of sector-specific privacy regulations. The most common laws are the Health Insurance Portability and Accountability Act (HIPAA), Safe Harbor Act, and United States Privacy Act. Additional laws that ensure privacy protections for individuals, particularly against the evolving trends in technology, include the Cable Television Protection and Competition Act, the Fair Credit Reporting Act, and the Video Privacy Protection Act. These laws are not limited to the federal level, as the California Consumer Protection Act (CCPA) was enacted into law in 2018.

A Commitment to Cybersecurity to Derive Value and Reduce Attacks

Halting the rising value of cybercrime requires a top-down commitment on your part to analyze, design, and implement proactive measures. The Accenture–Ponemon Institute annual study suggests three things that should be done to unlock the true value of cybersecurity efforts:

  1. The rise in people attacks requires reexamining them as a priority in your cybersecurity mitigation efforts. People attacks are growing. The number of malware launches, phishing attempts, and other individualized efforts to gain illegal access to your data and systems requires more user education and testing of vulnerable access points to reverse this trend.
  2. Understand how privacy regulations should be integrated into your plans to limit the loss of data and the resulting disruption to your business that cyberattacks create. As mentioned above regarding the requirements for businesses working within the EU and EEA, as well as sectoral requirements in the U.S., privacy regulations must be understood and, where applicable to your business, folded into your cybersecurity approach.
  3. Invest in and look closely at the technologies that can help you reduce the rising cost of cyberattacks. Reduce vulnerability to people-directed attacks by implementing security-based intelligence and advanced analytics, as well as more system automation.

Addressing network security must become as important a part of your IT strategic planning as cloud deployment and increasing social media interactions. The attention you pay to the growing trends in cybercrimes and the potential risk in terms of money, time, and reputation will pay huge dividends down the road.