Responding to Cybersecurity Threats: Active, Not Passive

October 26, 2015 by Andreas Krebs

Given our complete dependence on technology these days, the need to protect our sensitive personal data is more urgent than ever. With our financial accounts, medical information and other important data up in cyberspace, both people and companies are now more vulnerable than ever to attack.

According to a recent Government Accountability Office (GAO) report, cybersecurity incident reports zoomed from only about 5,500 in 2006 to over 67,000 in 2014, a whopping increase of 1,121 percent. And in PwC's latest Global State of Information Security Survey, respondents report a 48% increase in information security incidents between 2013 and 2014, from 28.9 million to 42.8 million.

These results drive home a sobering point. Cybersecurity attacks affect everything: governance, finance, health care, and retail are only the most hard-hit segments in hackers' cross-hairs. And these are only the ones that ping the radar: research cited in the PwC survey suggests over 70 percent of cybersecurity incidents go undetected!

These days, simply installing antivirus software on your computer system isn't going to cut it (not that it ever did). "You were told to create these firewalls and install antivirus software and hunker down behind that," explains Theresa Payton, founder/CEO of Fortalice Solutions and former Chief Information Officer for the administration of President George W. Bush. "That isn’t going to work. You need to go on offense."

More enterprises now take Payton's advice to heart: the PwC survey shows how companies are responding to evolving cybersecurity threats and which core safeguards they're putting in place. Here are their top three responses:

Have an overall information security strategy
58 percent of respondents confront the cybersecurity challenge by creating a plan that mitigates their most likely risks. In these days of increasing BYOD (Bring Your Own Device), a comprehensive strategy takes mobile devices into account, as these often tend to be the weakest link in the chain.

Prioritize employee awareness and training
Information security is everybody's job, not just the Chief Security Officer's: 53 percent of companies in the PwC report say that they train their personnel regularly in cybersecurity measures, from establishing basic security practices to setting up Internet-use guidelines that govern the company's cybersecurity policies.

Set security standards for third parties
About 52 percent of all PwC respondents now include third parties in their cybersecurity strategy. Vendor contracts should be checked and renegotiated to ensure their compliance with your plans.

The alternative can cost you a pretty penny. According to a 2014 study published in the Journal of Operations Management, the negative effects of a cybersecurity incident are magnified when a third party is found to be responsible. "We found overall negative stock price movement after the data breach announcement," research lead Michael Wiles later explained. "What's interesting is that the negative return is more negative in cases where the service provider is responsible for the breach."

We're in the last week of October, National Cybersecurity Awareness Month, and if you feel your company's cybersecurity strategy is not moving in the right direction, take our security quiz here: http://www.allcovered.com/security/it-quiz/. Once you answer its questions, the results can show you how well your IT security can stand up to most contemporary threats, and point the way to creating an action plan that can reduce cybersecurity risks to a minimum.