New report takes a fresh look at cybersecurity and cyber hygiene
CYBERCRIME is something that all business leaders are keen on discussing, but the real cost of cybercrime (or security) is something that doesn’t receive due attention.
Over the past years, we’ve seen how corporate cybersecurity lapses not only cost companies money but also damage their reputation beyond repair, sending the company on a downward spiral.
According to a new report by consulting giant Accenture, cybercrime could cost companies US$5.2 trillion in additional costs and lost revenues over the next five years.
The value is congruent with reports from other agencies, experts, and security analysts in the region.
The Herjavec Group, for example, issued a similar projection last year suggesting that cybercrime damages would cost the world US$6 trillion annually by 2021.
Obviously, the risk is great, and with new-age digital policies such as bring your own device (BYOD) and implementation such as the internet of things (IoT) creating more vulnerabilities than cybersecurity professionals can possibly track, companies constantly find themselves over-exposed.
“Our expanding attack surfaces, built onto an aging internet that wasn’t conceived with security in mind, are opening us up to a whole host of new vulnerabilities faster than they can be secured and trust is eroding,” Accenture’s Security Lead for Asean Andrew McLauchlan told Tech Wire Asia.
As a result, CEOs are increasing their spends on cybersecurity, looking for new and innovative solutions to help protect their business.
Gartner projects that such spending was more than US$123 billion for 2018 and will grow by 10.8 percent per year to nearly US$170.5 billion by 2022.
Given the growth in demand, the number of vendors and startups providing solutions have also significantly increased, prompting several venture capitalists to plonk their money into new cybersecurity ventures.
On reviewing data from CB Insights, Accenture’s analysts found that investments to the tune of almost US$33 billion were made in 2,479 security startups since 2009, exceeding even investments in blockchain, which have surged with the interest in business applications and cryptocurrencies.
In fact, some of the most exciting cybersecurity startups are experimenting with artificial intelligence (AI) and how that can help find and prevent attacks on the fly, transforming the meaning of cybersecurity for businesses altogether.
The use of AI might seem to make logical sense, but the MIT Technology Review calls it “a dangerous gamble”, and for good reason.
Experts warn that companies are simply launching such solutions because customers (companies) have bought into the AI hype cycle — and that their offerings need more “training” before they can actually provide a strong defense.
However, you can’t really blame companies for looking for new solutions to fend off attackers. There’s a lot of confusion, and it seems as though some protection is better than no protection at all.
According to Accenture’s latest study, 59 percent of organizations say the internet is becoming increasingly unstable from a cybersecurity standpoint and they are not sure how to react.
The bottom line, therefore, is that it’s time for companies to make sure they’re doing all the right things to protect themselves.
And while fending against sophisticated cyberattacks might be difficult, companies must realize that going back to the basics and following certain “cyber hygiene” techniques is a great starting point.
“The good news is that if digital trust can be secured it adds about 2.8 percent annual revenue growth over the next five years to global corporate growth that will otherwise be at risk,” pointed out McLauchlan, who believes that companies that get it right can bring great value to their business.
Here are some ideas to help companies looking to get great at cyber-hygiene:
# 1 | Train your people
When a company starts using technology that many or even most of its relevant employees don’t understand, the firm is bound to suffer from lost opportunities or higher cyber vulnerabilities—or both.
Security will be determined by the company’s weakest link; often that is an employee who inadvertently presents the opportunity for a breach.
Yet systematic training is, in general, still not accepted as a basic practice, even with attacks increasing in frequency, size and scope. Incentives are also important: Some companies are linking executives’ remunerations to security.
# 2 | Protect against phishing
Hackers often use social engineering tactics, such as phishing, to attack companies, so training to avoid falling in this trap is especially important.
# 3 | Strengthen your passwords policy
Though it sounds obvious, many companies still struggle with the implementation of cybersecurity basics, such as sound password policy. Multifactor authentication should be the default option for every business.
# 4 | Never ignore patches
Unfortunately, when a company detects a vulnerability, the fix is often put off until security managers and staff “have time.” Now is the time to prioritize fixing any detected weaknesses.