By Ryan Ayers, Researcher and Consultant
Chances are pretty good you’ve heard about data breaches in the news. In fact, if you’re like most consumers, you’ve probably even been affected by them in the past. Companies like Yahoo, Facebook, and Marriot, have all had breaches that compromised the information of many millions of people. There’s a decent chance you were one of them.
The point is, for those who aren’t careful, data breaches can happen at any time. Even if you have a cyber security system, there is a good chance it could benefit from an upgrade. In this article, we take a look at what benefits your business can see when it upgrades its cyber security system.
Once They Get in, It’s Too Late
One of the most nefarious aspects of data breaches is that they usually move as slowly and as silently as a deadly gas leak. The Marriot data breach—one of the largest ever recorded–is an excellent example. The breach itself happened all the way back in 2014.
Unfortunately for Marriot and its half a billion customers, the mega-chain didn’t notice until 2018. During that time an unquantifiable amount of data was compromised and the chain paid through the nose in fines.
While this is perhaps an extreme case, it’s also not exactly unheard of. Most breaches aren’t detected for at least six months. A lot can happen in that time. Once they do get in, it can take many more months to recover from the damage. Like any pest, it’s much better to keep them outright from the start.
It Can Be Very Expensive
Data breaches can also be very expensive. Naturally, there is the obvious cost of whatever gets compromised in the breach. There are other costs as well. For example, Marriot was fined $23.8 million for how it handled its customer’s information.
Of course, their mistakes had impacted hundreds of millions of people—more than most businesses have to worry about. Still, the fines can be significant, as can class action lawsuits and other associated costs that stem from breaches. Cyber breaches can also disrupt your productivity or even your supply chain.
While cyber security systems can be costly, they tend to be significantly more affordable than the price of your average breach when all the associated costs are tallied.
The Court of Public Opinion
Less quantifiable is the damage that data breaches do to your reputation. We live in a world where businesses are the custodians of their customer’s personal data. Are you an e-commerce site? If so, you probably have billing addresses and other key customer data points stored on your system.
Or, maybe you’re a subscription service. If so, you almost certainly have your customer’s credit cards on file. If you operate in the healthcare sector, you have patient records.
This is valuable information. If you lose it, your customers probably aren’t going to want to come back. And people who haven’t done business with you in the past, probably aren’t going to feel inclined to start any time soon.
It’s also important to keep in mind that there is a wealth of new technology out there that your current cyber security system may not be taking into account. IoT is a great example. The Internet of Things is a useful tool that can help businesses save money on utilities, while also making office management substantially easier.
It’s also growing by the billions of devices each year, which means it’s more than likely that most businesses will be using it in some form or another in the next decade. The problem? IoT devices are extremely vulnerable to hacks.
While they do not usually contain important information themselves, they can serve as gateways to important information. Smart thermostats, for example, have already been shown to be highly susceptible to hacking.
That doesn’t mean you should stay away from IoT—indeed, there are many reasons to adopt it. It does mean you should be prepared. Technology changes over time. So should your cyber security.
The Proliferation of Hacking
It’s also worth keeping in mind that hackers are more common than they used to be. Where once computer skills were an obscure niche hobby, they are now something that is taught in every school. While that doesn’t mean you need to worry about Mr. Keim’s sixth-grade tech skills class cracking into your system, it does mean the potential for problems is bigger than ever before.
Unfortunately, a significant portion of cyber threats come from the clumsy hands of human error. Big problems can emerge from small mistakes. Phishing emails are more convincing than ever, and all it takes is a few simple clicks for a well-intended employee to compromise an entire system. They take the bait, they forget all about it, and then six months to a year later, you see the ramifications.
Unfortunately, there’s no reasonable way to completely end human error. However, you can shore up its weak spots. With strengthened cyber security, paired with proactive training and awareness programs, you can sharply reduce many of the most significant sources of cyber threats.
Finally, there is the issue of compliance. Many industries are held to certain standards. To operate within the perimeters of the law, they need to be able to prove that they are taken certain measures to protect their customer’s information.
If you operate within one of these industries, the decision to upgrade your system may have already been effectively made for you.
Let’s say you don’t though. While you may not technically have to make the upgrades, you can consider it as a competitive advantage. PCI compliance, for example, is a status that demonstrates to customers that their credit card information will be protected when they shop with certain online merchants.
While there is no law telling eCommerce businesses that they have to operate within PCI compliance, they benefit from enhanced consumer confidence.
By upgrading now, you can enjoy that same benefit. You’ll also be ready to adapt to any new compliance regulations that might emerge in the future. After all, cyber security is an ever-evolving art. Businesses that are able to pivot rapidly into the right solutions have a significant advantage over those that are not.
Ryan Ayers is a researcher and consultant within multiple industries including information technology, cyber security, and business development. Always up for a challenge, Ayers enjoys working with startups as well as Fortune 500 companies. When not at work, Ayers loves reading science.
Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.