Mitigating cybersecurity risk with informed action
Executives have increasingly prioritized cybersecurity over the past few years, and their concerns about shoring up their companies against digital threats were largely fueled by a number of highly publicized data breaches affecting businesses of all sizes, from startups to international corporations.
Firms across industries struggle with cybersecurity
The healthcare industry has been hit particularly hard by cyber threats, as illustrated by the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security, which revealed that four in 10 organizations within the sector suffered five or more data breach incidents last year. Even more troublingly, the findings laid out in Verizon’s 2013 Data Breach Investigations Report indicated that 15 percent of attacks involved malicious insiders, who used their unique knowledge of their organizations’ inner workings to their own advantage.
Cybersecurity is a massive problem across all industries, with cybercriminals growing more sophisticated all the time and professionalized syndicates mobilizing to take breaches to the next level. Indeed, the country’s intelligence agencies estimate that hundreds of billions of dollars’ worth of research and development in the United States have been compromised by foreign hackers. U.S. banks alone suffered a loss of more than $100 million in the first six months of 2013, the Verizon study found.
Cloud computing, BYOD contribute to risk
Another trend that has taken off in the past few years – cloud computing – inadvertently made many firms more vulnerable to breaches. A report from the Office of the National Counterintelligence Executive (ONCIX) pointed out that while the cloud does provide some security benefits, such as off-site backup that mitigates data loss in the event of a disaster, it also complicates the division of responsibilities. Moreover, “the movement of data among multiple locations will increase the opportunities for theft or manipulation by malicious actors,” ONCIX noted. Ultimately, this makes vendor assessment and relations key components of companies’ security strategies.
Given that cybersecurity is top of mind for many executives, it is surprising that the vast majority of firms do not have a tight grip on the risk and compliance issues surrounding the bring-your-own-device movement. Indeed, according to research by Bradford Networks, HP, MobileIron and SANS, fewer than one in 10 surveyed professionals said their companies were “completely” aware of what devices were accessing their business resources.
“We were shocked to find that while more than 60 percent of organizations allow their employees to bring their own devices, only 9 percent felt they were fully aware of the devices accessing corporate data,” said Kevin Johnson, senior SANS analyst and author of the survey, in a statement.
A total of 38 percent of respondents said they were “extremely” confident in their knowledge of the devices accessing their data, which they characterized as having 75 percent or greater visibility, but not 100 percent. Meanwhile, 35 percent were “fairly” confident (40 percent to 75 percent visibility), 14 percent reported “vague” awareness (less than 40 percent but more than 0 percent) and 4 percent were not at all knowledgeable about device access.
Ultimately, although corporate concerns about cybersecurity are unlikely to go away anytime soon, there are several proactive solutions that executives looking to shore up their protections can deploy, such as risk mitigation and diligent, effective defense.