Skip to content
Every company, every household and every institution should take cybersecurity seriously. As the world becomes more connected, cyberattacks are getting more sophisticated. Fortunately, cybersecurity is also getting more sophisticated, and though the threat of an attack remains very real, organizations have the security tools they need to keep their data safe.
Cybercrime has enormous destructive potential
Cybercrime may be committed out of sight, but it’s all around us. According to McAfee, the global cost of cybercrime in 2017 was about $600 billion. We’re all used to seeing statistics with large numbers attached, but $600 billion is almost one percent of the entire planet’s GDP. That’s far more than enough to disrupt many of the world’s economies. And that’s just the start because the numbers are climbing exponentially. In 2021, the cost of cybercrime is estimated to reach $6 trillion.
The Ponemon Institute, a research center focused solely on data protection, states that 54 percent of all businesses experienced at least one successful cyberattack in 2018. Many of those attacks only cause frustration and some wasted time, but even a short-lived exploit can leave a business in ruins. Consider, for instance, that 60 percent of all small and medium companies that suffer a cyberattack go out of business within six months of the attack. That’s a staggering number of business casualties from one source. Cybersecurity is something that organizations can no longer put off.
This is especially true when one considers the many vectors of attack that cybercriminals have at their disposal. Some of the recent headline-grabbing instances of cybercrime were launched through a seemingly innocuous route, such as the 2013 Target breach that cost the company hundreds of millions of dollars. During that attack, the company’s payment information was accessed through a third-party HVAC vendor – an angle that most businesses would never see coming.
Important components of effective cybersecurity in 2019
Fortunately, organizations are quickly catching on to the importance of cybersecurity. Though major data breaches will continue to increase, proper cybersecurity is reducing the likelihood of those events. Even better, modern cybersecurity measures are available to businesses and organizations of all sizes, so companies can choose not to be vulnerable to attack.
What does that approach look like? It should include these elements:
- An organized framework – Cybersecurity initiatives succeed or fail in the planning phase, so tight, detailed organization is a must. Organization is only one part of the equation though, as cybersecurity plans must be comprehensive.
All people, technology and processes must be incorporated into the cybersecurity plan, and this plan trusted to the executives to oversee. This framework must account for the company’s data, too, and this is where it can get tricky. With an increasing number of devices connected to enterprise networks, there’s often no easy way to account for every piece of data.
This issue is amplified when the cybersecurity plan’s larger scope must be executed, which should include the company’s third-party vendors and account for all possible vulnerabilities. That’s a daunting task, but one that organizations have to start with to ensure the plan is properly implemented.
- Cyberattack modeling – Ideally, organizations would challenge their cybersecurity procedures from the outside. By testing the system’s vulnerabilities from without, organizations get a clear look at where the weak spots are, and what kind of damage those weak spots could produce. Cyberattacks often target the same types of data, and by modeling an attack, companies can verify that their most valuable data is kept safe.
- Incident response – Ideally, in the future, cybersecurity may be 100 percent reliable, but even guarded organizations may still face the rare breach. Should that happen, it’s essential that the company have a response plan in place. The faster the company responds, the better its chances of minimizing damage, and reputation. Unfortunately, many organizations allow these plans to languish, so they aren’t ready to go when an attack does occur. It’s best to drill incident responses regularly and in an organized fashion to ensure constant readiness.
- Keep an eye on the data – Some of the worst breaches are caused by accident, often by careless employees, and many cyberattack vectors emerge from this fact. Companies should have detailed processes in place in how employees connect to the network, how their security credentials are established and what access employees are given. It’s generally a good idea to limit employees’ access to the network to reduce cyberattack potential and change out employee credentials regularly for the same reason.
- Don’t neglect the backup – IT experts have been telling the rest of us for years: Back up your data. That’s especially important for cybersecurity reasons, as a simple ransomware attack could hold the company’s data hostage. As frustrating as this is, it’s easily avoided with a simple data backup. Data backup is only a fallback option, but it’s a fallback that’s easy to implement and extremely reliable. Don’t go without it.
- Secure your servers – Firewalls and malware blockers are essential parts of server security, though they are only the first layer. Deep server hardening is also effective, as it includes additional authentication methods and tighter monitoring of server processes. IP restriction, two-factor authentication, adapting SSL and TLS for services, assigning file system privileges, isolating applications and keeping software updated are all valuable parts of a server security plan. A server security plan is part of an effective cybersecurity approach in 2019.
Cybersecurity should be a top priority for organizations in every sector and business in every industry. It’s attainable for every business, and the potential damage left behind by a cyberattack can be extreme. As one neglected vulnerability can be enough to result in catastrophe, smart, comprehensive cybersecurity planning is needed more in 2019 than ever before.