Cybersecurity is quickly becoming an issue that businesses across all industries are forced to contend with. While most online businesses, financial institutions, tech companies, and large corporations have systems and policies to protect their sensitive data, these often aren’t sufficient to cope with more sophisticated modern cybersecurity threats. Worse yet, many other businesses still don’t take cybersecurity seriously, and don’t take any meaningful steps to prevent potential threats.
Nearly all businesses in the developed world are at some risk of falling victim to cybercrime, and Australia and New Zealand are no exception. This is because virtually all businesses store sensitive information, and do so on improperly secured systems that are connected to the internet.
Understanding the potential cost of a cyberattack
Businesses often under-prepare for cyber threats because they seem ethereal and somehow unreal. They also underestimate the potential damage of a data breach, because they underestimate the value of their data. If they’re properly insured, they may even assume that they’ll simply be reimbursed for any potential damages. This often isn’t how things work out, though, because cyber insurance doesn’t usually cover losses due to mistakes made by the business or its employees.
The global average cost of a data breach is nearly $4 million, but that figure is inflated due to the sheer size of some major breaches. A more useful figure shows that each record stolen comes with an average cost of approximately $150. Larger data breaches involve hundreds of thousands, or even millions, of such records, while a very small business might only lose a few. Most businesses, though, have far more sensitive data than they realise.
Criminals can profit from any kind of breach, and almost any kind of data
The most obvious goal for a criminal might be to hold a system hostage with ransomware, or to steal credit card data, but cybercrime isn’t limited to simple fraud or extortion. Names, birth dates, contact information, and other personal information can be used for identity theft, or can simply be sold to other parties as part of a larger criminal supply chain. For example, a 21-year-old Australian was arrested on September 17 for using stolen personal data to funnel millions of dollars out of the superannuation and ASX share-trading accounts of multiple victims as part of an international cybercrime syndicate. The data used was purchased from other cybercriminals on the dark web.
At first glance, the idea that an attack might target customers, rather than the business itself, might seem reassuring to some. However, it’s important to consider the long-term consequences of being a business that can’t protect its customers’ data.
Good cybersecurity is about building trust
Businesses rely on data. They need customer information to be able to market their products and services effectively, and they need to store even more sensitive information, such as credit card numbers, in order to manage returns or to process recurring payments. By neglecting the responsibility of protecting that data, businesses also risk losing the customers who supply both the data and the revenue they rely on.
Consumers are becoming increasingly aware of the risks associated with sharing any kind of personal data, and are wary of trusting their information to businesses that are considered “unsafe”. According to a study by the Ponemon Institute, 36 per cent of the cost of any data breach comes from the loss of trust in the business.
How to take control of your business’ cybersecurity
The first step in creating an effective cybersecurity strategy is to identify all potential vulnerabilities. While large corporations might maintain their own IT security professionals, most businesses will do this with the help of a professional, who will conduct a comprehensive IT security audit for their business, and provide them with recommendations on how to protect themselves going forward.
Often this means adopting both technological and procedural tools to protect data. For example, high-quality software might be helpful in keeping out digital intruders, but it won’t work if a cybercriminal can manipulate an employee into giving them access, whether that’s by tricking the employee into clicking on a dodgy link, or by personally conning them into revealing a password. To secure its data, the business needs to protect itself from both sophisticated digital attacks and more traditional scams.
Unfortunately, there is no way to make any business 100 per cent secure. However, businesses can make themselves into difficult targets, and they can mitigate the potential damage of any particular breach. For example, a simple way to limit the scope of any potential attack is to purge unused data regularly, rather than allowing years of customer data to accumulate over time. By recognising the risks posed by cybercriminals to both themselves and their customers, businesses can better mitigate and head off any potential losses.