I’m back at my desk after a relaxing holiday vacation. It was a pretty quiet time for cybersecurity, too. The only really disturbing news I saw during my holiday involved a data breach at Chick-fil-A and the new theory that the Sony breach likely wasn’t done by North Korea but by an insider (but then again, some of us were questioning insider involvement from the beginning).
You and I know too well that this little lull in cybersecurity news won’t last very long, but I do think that this is a good time for companies to review their cybersecurity procedures and policies. We saw the damage from the fallout after the Sony incident and I think Target is still picking up the pieces from its breach a year ago.
Near the end of 2014, Ponemon released a study, “2014 Cost of Cyber Crime Study: United States,” that shows just how expensive and damaging a breach can be: It revealed that incidents can cost upwards of $20,000 a day and may take, on average, a month to fix. Jon Oberheide of Duo Security pointed out that SMBs need to be especially concerned about these breach costs, telling me in an email:
“While the mega-breach-du-jour gets the most media attention, Ponemon's study calls out an important distinction: The impact of breaches is much greater on small and medium businesses than the large enterprises. The real challenge in cybersecurity is how to protect the millions of businesses who don't have an enormous security budget or a large roster of top security talent to defend their organization. And yet, they face the same attacks and adversaries as the big guys. So while companies like Sony face dramatic consequences in the short-term, they will rebuild, recover, and revisit their security strategy to continue their operations in the long-term. But if you're not a Sony-scale company ... you may just have your business effectively wiped out.”
So what steps can you take now to better protect your business from a damaging attack in 2015? First, as Mark Samuels stated in a ZDNet article, it is important to have a clear-cut cybersecurity leader in your company, but also, every single employee needs to be on board with the security policies and must do whatever they can to engage in better security practices.
Second, IT should consider its security budget and what it is focused on. In an eSecurity Planet article, Ann All wrote that smart spending involves assessing the current network and security environment, taking note of what the company is doing now and discovering where the weak spots are. Rather than just throwing money at security concerns and hoping that will fix everything, it is better to truly understand what the risks are and how to most efficiently consolidate spending efforts.
Finally, make sure you know what you are working with. IT departments need to know what devices are accessing the network and also whether or not the device owners are following security protocols. After gift-giving season, there will be a lot of new devices accessing the network, so now is the time to assess the network and talk to your users about security policies.
Evaluating security is something that has to be ongoing, of course, but what better time of year to take a closer look at the cybersecurity situation than at the beginning of the New Year, when everyone is looking for a fresh start?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba