Cyber Attack: It Can’t Happen to Us (Until It Does)

Cyberattack: It Can’t Happen to Us (Until It Does)Just because your small or medium-sized business isn’t as well known as Equifax or Yahoo doesn’t mean you’re immune to becoming a cybercrime victim.Equifax likely has more brand-name recognition today than it’s had at any time in the company’s history, which dates back to 1899. It’s a safe bet that the consumer credit reporting agency wishes that wasn’t the case.
When well-known organizations are hit by a cybersecurity breach, it becomes front-page and top-of-the-hour news, because these cases affect tens of millions of consumers.
But just because your small or medium-sized business doesn’t have tens of millions of customers, or the name recognition of a Target or a Yahoo, doesn’t mean you’re immune to becoming a cybercrime victim. In fact, there’s a good chance that your SMB has been victimized and you don’t know it.
The Identity Theft Resource Center has tracked security breaches since 2005. They estimate that 1,055,228,349 unique records containing personal identifying information have been compromised in nearly 8,000 data breaches that have occurred between January 1, 2005, and November 22, 2017.
If those numbers don’t grab your attention, consider that the average cost for each lost or stolen record containing sensitive and confidential information is $141, according to the Ponemon Institute’s “2017 Cost of Data Breach Study.” That cost jumps for businesses in financial services ($245) and healthcare ($380). Those dollar amounts do not include the cost of notifying affected parties. They also don’t account for damage to your reputation.
Are your company’s pockets deep enough to weather that financial storm? Even if they are, wouldn’t you rather spend that money on marketing your products and services, new R&D, or business expansion?
SQL注入攻击已经有10多年的历史了,但是各组织仍未采用适当的措施来防范它们的数据免受这类攻击,它更多是应用安全的范畴,需要将安全内置进整个系统开发生命周期当中。
The notion that a business is too small to be a target of hackers or cyber criminals is simply not true. The bad guys are more sophisticated than ever, relying on artificial intelligence, bots, and other advanced methods to gain access to networks and data. Unfortunately, too many companies still choose to roll the dice, hoping they don’t get hit or persist in the mindset that “it can’t happen to me.” That’s an irresponsible position to take for any organization, of any size, let alone for one that holds sensitive consumer information.
What can a small business or a startup do to lessen the chance it becomes a cybercrime victim? Here are three commonsense steps that any business can take.
Train Your Team: Whether you employ three people or 3,000, every one of them is a potential security risk. Human error continues to be the primary issue in most data breaches. Companies need to take extra precautions to assure they are practicing safe cybersecurity hygiene. It starts with training everyone in the organization on the security best practices that reduce online risks. But cybersecurity training can’t be a one-and-done activity, or something that’s only relevant to the IT department. Just like a fire drill, it needs to be a regular regimen, a refresher course for everyone in your organization.
Assess Your Risk: Customer data, employee records, financial, legal, trade secrets, and other highly confidential information are the lifeblood of your company. When was the last time you conducted an inventory of all your data? Do you treat all data the same way, whether it’s confidential (financials, employee records, contracts, trade secrets) or nonsensitive (sales brochures, marketing materials)? Most importantly, what security measures do you have in place to protect this data? In the event of a breach, what contingency plans do you have in place for business continuity and disaster recovery so that your company continues to function? Finally, are there plans in place to remediate the breach as quickly as possible and to notify customers and other affected parties?
Ask for Help: Even if you’ve made a strong commitment to security, your responsibilities as a business owner or entrepreneur may keep you from devoting enough time to the task. That’s especially true if you’re managing the business’s technology while running the business. If you have tech professionals on staff, encourage them to stay current with training and industry certifications. Certified tech pros are better equipped to spot problems before they happen and to stop breaches and intrusions quickly if they do happen. If you don’t have IT personnel on staff, consider partnering with a technology company. There are many options available for pay-as-you-go technology services, and many reasons (reduced cost, predictable pricing, peace of mind) why businesses, small and large, choose to turn over some or all of their technology functions to a partner.
The tech industry is doing everything it can to provide products and services to combat cyberthreats as they emerge. But the best security technology products and the most comprehensive policies and processes will only work if companies are willing to use these tools and enforce the best practices to reduce their cybersecurity risk.
Related Content:
Deception: Why It’s Not Just Another Honeypot
The Critical Difference Between Vulnerabilities Equities & Threat Equities
7 Takeaways From The Equifax Data Breach

网络安全法网络宣传片 002 国家网络安全的现状与重要性概述
让ISP隔离被恶意软件感染的客户,可以帮助改进网络安全,可是用户可能不会认可这种增值安全服务。

猜您喜欢

Linux下网络协议分析器Wireshark使用基础
公共场所的信息安全意识保护信息资产
学习管理系统LMS 学员操作演示
格鲁吉亚前总统被捕 支持者堵路砸警车将其解救
ART LYMEINFO
创新技术SDN能否拯救网络安全