With the number of high-profile data breaches growing, the Yahoo and Equifax hacks being two examples, more and more businesses are aware that they’ll probably suffer one sooner or later.
However, even though they’re aware of the risks and the possibility of an imminent attack, a lot of businesses reportedly don’t know where to start in terms of data security and how to react when a breach does happen.
This is worrying…
In April 2017, security firm Kaspersky Lab conducted a study, surveying 5,274 IT and business decision makers across the world. They found that a 57% majority knew or expected a security breach at some point, an increase of 6% from the year before.
However, there was a lot of uncertainty as to what strategy would be best to prevent and tackle targeted attacks.
Looking at only the IT security experts’ responses, the uncertainty was even higher at a reported 63%, which is worrying as these are the very people who should know more about cybersecurity. Perhaps the IT security experts see much bigger risks and security pitfalls, whereas other decision-makers in more general managerial roles may not have a proper understanding of cyberattacks.
With the increasing use of technology, cyber-criminals are also learning and creating more sophisticated attacks. Two-thirds of the survey participants agreed that attacks were becoming more complex, making it harder to distinguish between generic and complex attacks.
What is surprising is that a majority of companies think they’re spending enough to protect themselves against targeted attacks. A reported 77% believe they’re investing enough, or are even overspending, on cybersecurity. The study notes that this is probably a reflection of how threat protection is perceived. Many companies may believe that, as long as they’re buying cybersecurity products and services, they’re doing enough. However, it’s important to remember that investing in the right technology is not always enough; firms may also need to invest in the right people to utilise the technology and ensure that security protocols.
Only with the combination of up-to-date security technology, people with the right skill sets and compliance with security protocols can a firm have a far better chance of preventing internal breaches or weak points, and focus on creating a layered security wall. Some 53% of the firms admitted that they needed to employ more experts who specialise in IT cybersecurity, especially for management, incident response and threat detection.
Head of Kaspersky Lab’s enterprise business division, Alessio Aceti, said, “Now that companies are starting to realise that cybersecurity breaches are a real risk to their business continuity, it’s time to give incident response the attention it deserves.” Aceti believes that cybersecurity shouldn’t just be the IT department’s responsibility, but that top-level management needs to be involved with strategic planning and investment, while everyday employees need to be trained to follow security protocols to prevent accidental gaps in security walls.
According to the Ponemon Institute, the average data breach can cost any firm $4 million. For FTSE 100 firms, the average is reportedly an incredible $100 million. A much smaller investment in implementing and maintaining cybersecurity can save millions in legal and business costs, and protect the firm’s reputation and its consumers’ trust and confidence.