Regardless of the industry, size, or resources available, governments and organizations will never be 100% immune from today’s cybersecurity threats. Last year alone, around 1 billion accounts and records were compromised worldwide, despite the fact that over $80 billion was spent on cybersecurity that same year. Never before has there been such an urgent need to act and prepare. Therefore, a strategic approach to addressing today’s cyber risks and the ability to respond across an entire organization, with prioritization to the most critical assets is imperative. Risk mitigation and incident response plans should be practiced, tested, and adjusted to ensure that best practices and appropriate security controls are being implemented at all levels and in all industries, ranging from our nation’s critical infrastructure to your organization’s infrastructure.
According to Department of Homeland Security, the nation’s critical infrastructure provides the essential services that underpin American society and serves as the backbone of our nation’s economy, security, and health. There are 16 critical infrastructure sectors, and they are an essential part of everyone’s lives, as these sectors’ systems power the electricity we use, transport the food we eat, and keep us connected online. With the advancement of technology, the sectors are all connected digitally, and if a piece of critical infrastructure is compromised, it will not only disrupt consumers’ lives, but could have a crippling effect on your business as well. Protecting your organization’s infrastructure is just as important as protecting the nation’s critical infrastructure. Financial institutions collect and store sensitive data, and the more sensitive data you hold as a company, the greater your risk of becoming a cyber victim.
Primary Risk Types
Surprisingly, the greatest threat in enforcing cybersecurity tends to be employees. According to 2016 Cyber Security Intelligence Index, “insiders”, or anyone who has access to your institutions assets, continued to be the greatest cybersecurity threat. Sixty percent of all attacks were carried out by insiders, an increase of 5% from the previous year. Reasons could range from negligence to malicious intent.
There are three primary types of insider risks:
- Employees simply displaying a human error: This can range from misplacing the office equipment (such as an employee laptop) to sending confidential data to an unsecured home systems. Even though there’s no spiteful intent, this can be very costly.
- Malicious employees with vindictive intent: A disgruntled employee whose intent is to steal and damage your organization’s data can be detrimental. Some may steal competitive intelligence, while others will sell data for a profit.
- Cybercriminals hijacking your employees’ identities: Accessing your employees’ information not only gives hackers’ their sensitive data, but it may give them access to the system, leading them to even more sensitive information.
Because these activities are performed by trusted sources, your employees, there’s a tendency for these activities to go under the radar, particularly in the first two categories. When dealing with your employees, awareness is key to educating and communicating the importance of cybersecurity, and doing so can generate significant results. In fact, Ponemon recently calculated the effectiveness of anti-phishing training programs and found that the average-performing program resulted in a 37-fold return on investment, even taking into account the loss of productivity during the time the employees spent being training. However, even more than the success these steps can have in strengthening your businesses’ cybersecurity, improved security can better secure the critical infrastructure of our nation.
This year’s National Cyber Security Awareness Month (NCSAM)has concluded; however, your effort in keeping cybersecurity and risk mitigation best practices on the forefront of your employees’ minds shouldn’t stop. Utilize NCSAM’s vast library of educational resources and sign up for our newsletter for tips to share to with your employees throughout the entire year.