It’s easy to tune out headlines on breaches and other cybercrime because it happens so often and with an increasing number of breached records. In some cases, we saw triple-digit increases in 2015 breach costs over 2014 [1]. This can't be a recurring issue. It's time for businesses to get serious about security in 2016.

Getting Serious About Security in 2016

Computer Weekly recently released their overview of the Top 10 cybercrime stories of 2015. There’s a recap of some of the major breach stories and even some other ones that may have flown under your radar. The worst part is, this barely scratches the surface of reported breaches in 2015 [2], let alone unreported breaches.

I wonder how many of those breached companies thought they were safe or at least thought there was a very low risk of a breach. It’s impossible to say but it’s something that makes you wonder.

Complacency Is a Killer

Not to say those major breaches were the result of being complacent about security but I have run into some folks who say “we’re protected enough. We don’t have valuable data.” Quickly visiting an issue or even worse, ignoring it outright, will not make the threat of cybercrime go away.

All business have a duty to protect their information regardless of the business they’re in. This includes businesses in the more obvious need of protection, such as banking, and the less obvious need of protection, such as restaurants. If you sell a product or service, the chance of personal data being stored on your network is high.

Cybersecurity is no longer just an IT issue. It’s part of responsible business management, and it’s been that way for a while. Businesses need to understand exposure to threats – plain and simple. Otherwise, the business’ survival is doomed.

I suppose the reason why people aren’t alarmed about cybercrime is that they do not understand the repercussions. One breach can lead to another breach. This could be from the attacker using a compromised password and succeeding because people reuse passwords across their accounts. Or it could also be the attacker gets sufficient information from one breach to attack a whole other business and cause another breach. Another aspect – breaches are expensive and a business may have to cease operation in order to pay for the cost. Another way damage could be done is stolen trade secrets and other company assets that if leaked or sold, could cause irreparable harm to the business.

Great, So What Can Be Done?

Build up security.

It needs to be built up, not simply added on after a 30-minute meeting.

Stating things like “Like safety, security is everyone’s responsibility” is not enough. Yes it’s true, and you can even put up signs everywhere that remind everyone of this fact, but it’s more important to create a culture of security that involves everyone.

Get people talking about security but don’t get too complicated. When a culture, policy, or vision isn’t clear it won’t be followed, no matter how hard it’s ham-fisted. The goal is to get people to want to be secure, in their business and at home.

Like any big project, building up security takes time. Figure out how to start or bolster existing security. Don’t start thinking about it post-breach.

If someone told you “we’re protected enough. We don’t have valuable data.” How would you react?

Resources

[1] Top 10 Cyber Crime Stories of 2015 at ComputerWeekly

Previous years:

Pin It on Pinterest