2017 was a pretty busy year for cyber criminals: Ransomware, large-scale data breaches suffered from blue chips like Yahoo and Whole Food are just the tip of the iceberg. Because of it, businesses worldwide are beginning to understand how important cyber security is, and just how much it costs to let vulnerabilities go unaddressed.
As we move further into 2018, companies large and small need to make more concerted efforts toward protecting themselves. In support of that priority, this article discusses what an incursion can cost you, what are the biggest threats to watch for this year, and what you can do to protect your company.
The Costs of Cyber Attacks and Data Breaches
As of the most recent estimate, the average global cost of a data breach is $3.6 million, or $141 per data record. That may seem high, until you realize that the average in the United States is actually $7.3 million. Keep in mind, this is an average, and there’s a rather disparate range being accounted for; individuals and small businesses will obviously be on the lower end, as in many cases, they don’t have $7 million in liquid assets.
Obviously, size has an impact on the cost of a breach. Less than 10,000 compromised records result in an average cost of $1.9 million (which largely accounts for the aforementioned small businesses), while breaches of 50,000 records or more sit higher on the scale, with an average of $6.3 million. Regardless of the size, these numbers tend to represent amounts that many businesses would consider dangerous or even fatal to their livelihood.
Threats to Watch for in 2018
The list of potential threats is too long to list comprehensively here, but here are a few of the major ones:
Phishing attacks these days are becoming incredibly sophisticated, and with the addition of artificial intelligence and the advent of spear phishing, it’s becoming easier and easier for hackers to peddle their malware on unsuspecting users.
Last year taught us that ransomware can do serious damage and that it can create massive profits for cyber criminals. Expect that lucrative crime trend to continue, as they branch out to hit other large businesses, as well as small businesses that need their terminals to be able to process payments.
The typical data breach, hackers are using a variety of methods to get their hands on valuable records and PII. Tactics include injection attacks, password cracking, social engineering, and much more.
Exploitation of Poor PKI Management
Lastly, we have one that sometimes affects your reputation more than it does your finances (at least initially). Poor PKI management can result in various exploitations, including the theft and misuse of keys and certificates, and M-i-t-M attacks. Users can easily be convinced to accept a server or piece of software as authentically coming from your company, when really it’s coming from a malicious source.
How to Protect Your Company
Being proactive is critical if you intend to protect your company, your customers, and your users. Here a brief list of steps you can take to shore up the defenses:
- Educate your team on password best practices, and safe online behavior
- Enlist the help of a third-party security solution
- Automate your PKI management and key/certificate renewal
- Practice penetration testing
- Keep software up-to-date
Maintaining strong cyber security isn’t easy, but the cost of failure is high. Do what you can to protect your company’s systems, or you may find yourself facing the kinds of costs and defamation that befell Yahoo and Equifax.