By: Lou Morentín, VP of Compliance and Risk Management, Cerberus Sentinel (CISO)
Is Your Business Under Siege?
Increasingly, cybersecurity has become part of the national conversation, as it not only presents alarming risks to national security but also touches on nearly every aspect of modern life, from Wall Street to Main Street.
On May 12, 2021, the Executive Order on Improving the Nation’s Cybersecurity noted an increase in “persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”
Cybercriminals have not only kept pace with technological advances in their ability to execute multivector predatory attacks, they have also made sure to exploit individuals, businesses, and organizations that have neglected to stay current with cybersecurity technology to safeguard their personal information, intellectual property, and sensitive business data.
Since 2005, the Identity Theft Resource Center has tracked publicly reported data breaches in the United States. According to its 2021 Data Breach Report, there were 1,862 breaches, a rise of nearly 70 percent from the previous year.
Overall, cybercriminals have become more calculated and targeted in their efforts, moving from mass data acquisition to more specific data types across sectors.
In fact, every business organization, large or small, should operate with a heightened cybersecurity culture – one that is not merely a series of processes and procedures but rather an intrinsic culture of cybersecurity.
In The Event of an Incident
In the past decade, work environments have dramatically shifted, relying more frequently on cloud-based IT support, data sharing, and interoperability – as well as the integration and use of numerous SaaS applications to navigate all aspects of even just a single day of business operations.
Remote working conditions during the pandemic served to accelerate this trend, making the need for a robust IT environment essential to ensure confidence and protection for any business operation.
Identifying risks, compounded by the pandemic, exposed vulnerabilities associated with migration to remote working environments. A remote workforce has often meant simply handing off a laptop to your employees and expecting the best.
For savvy organizations, modifying their infrastructure to facilitate a successful and secure workforce meant an investment in both time and reputation. The cost of a data breach could mean more than just lost revenue and stalled operations; it would mean building back lost trust from investors and consumers alike. In other words, mitigating risk includes more than just prevention. It means making your tools work better, faster, and more efficiently to achieve proper response times.
The average cost of a data breach rose from $3.86 million in 2020 to $4.24 million in 2021 per organization breached, namely due to the time it took to identify and remediate a breach (287 days). The longer attackers stay in your systems, the more it costs you.
And in this same time period, privacy budgets doubled to an average of $2.4 million per organization – from smaller organizations of about 250-499 employees to larger organizations of more than 10,000 employees.
How to Close the Risk Gap
Reducing risk in an IT environment means a serious audit of all aspects of your business – from your IT infrastructure and SaaS to everything else, especially your personnel. Active threats can detect and exploit vulnerabilities with alarming efficacy, causing significant disruption. The most common areas of concern include:
- Password Attacks
- SQL Injections
- Man-in-the-Middle (MitM) Attacks
- Denial-of-Service (DoS) Attacks
- Zero-Day Exploits
- Cross-Site Scripting
- Internet of Things Attacks
Inadequate vulnerability management amplifies your risk. Gaps in compliance or a lack of understanding of protocols, policies and procedures place most businesses at a systemic disadvantage. Mitigation of exposure represents only part of the equation in what should be a comprehensive strategy that adopts cybersecurity literacy, i.e. awareness for all end users, as standard operating procedure.
Fortunately, these issues can be addressed by 1) prioritizing patching projects by risk and getting support to help you patch your more difficult systems, 2) working with a risk advisory expert to identify gaps in policy and procedure, and 3) going beyond simple “check the box” security training subscriptions to involve experts who can help ensure your teams are truly demonstrating mastery of new concepts.
Recovery & Rebuilding Trust
In a globally connected marketplace, information moves with lightning speed across media platforms, crossing borders, informing boardrooms and shifting public opinion in a matter of minutes. A cybersecurity incident has the potential to have a profound and lasting impact on a business – if it can even survive such a disruption.
In 2017, the Equifax data breach revealed home addresses, phone numbers, birthdates, social security numbers, and driver’s license numbers of 147.9 million Americans, along with 15.2 million British citizens and nearly 20,000 Canadian citizens. The breach began in May and went undetected for more than 75 days before it was finally discovered on July 29, 2017.
After disclosure, widespread criticism and an avalanche of lawsuits followed, not to mention a financial cost to Equifax that totaled more than $1.7 billion.
Additionally, the immediate impact to Equifax’s reputation triggered a loss of investor confidence, as the share price tumbled 34 percent in about a week.
Good cyber-hygiene and a 24x7x365 monitoring and response system that leverages active threat hunting, closes gaps in visibility, and provides rapid alert triage and remediation beyond automated responses could have mitigated the fallout from the Equifax data breach.
Risk readiness requires data-driven insights to make better decisions to implement cybersecurity programs that fit your company’s business, taking an agnostic approach that allows the agility to deliver results in even the most complex environments.
Risk readiness also means understanding what you don’t know about cybersecurity and the totality of your IT environment. Partnering with a dedicated outside support specialist ensures that your entire environment experiences continuous improvement, while avoiding personnel gaps. More importantly, the hive mind of a dedicated cybersecurity organization brings the expertise and experience that can help your organization select the best solutions to meet your needs and keep your business safe, secure and highly functioning.
Cerberus Sentinel specializes in cybersecurity solutions that build a culture of security within an organization, enabling them to improve security, lower risk profile, optimize IT infrastructure, and meet regulatory compliance demands with extensive and comprehensive compliance review.
Our Philosophy – Cybersecurity is a culture, not a product®. We believe culture is the foundation of every successful cybersecurity and compliance program. To deliver this outcome, we developed MCCP+, our holistic approach that ensures you’re secure in every area of your business.
We are a publicly traded cybersecurity company listed with ticker CISO. A nationwide provider of consulting and managed services, with offices and resources across the USA, we specialize in building a culture of awareness for our clients. Founded with the belief that an acquisition approach is the best way to address the industry-wide skills gap, we are focused on cybersecurity, compliance, and the culture that drives success, acquiring world-class engineering talent who utilize the latest technology to create innovative solutions to protect even the most demanding businesses and governments against continuing and emerging threats.