When a company as strong and profitable as Sony Pictures gets hacked, we all realize (again) that nobody is immune to concerted efforts to break through security barriers. Sony’s size and status were no shield. In its Q1 2015 financials, Sony allocated over $15M to the ongoing repercussions for the hack, and has diverted investment and funding to strengthening its infrastructure from the ongoing threat of cyberattacks.
That breach was the most noteworthy hacking incident in 2014. But hacking attacks are actually routine, daily incidents that mostly go unnoticed. A company the size of Sony Pictures will suffer an average of 13,000 attacks a year, according to PricewaterhouseCoopers (PwC). Each week sees 138 successful network attacks.
Such intrusiveness and frequency have made industry leaders quite apprehensive and wary about the growing business threat. Imax’s Chief Executive Officer Richard Gelfond spoke about it during a recent meeting of market leaders in Davos: “The one thing that really scares me is that if someone wants to get into your system, they can get in. Almost no amount of money will keep them out.” 3
Many share Gelfond’s somber outlook, but they don’t give up. Companies large and small set aside part of their annual budget to strengthen their information security.
The money goes toward fighting a number of different types of attacks. More than half the money is spent battling malicious codes, denial-of-service attacks, and malicious insiders. Even when these counter-efforts ultimately succeed, productivity is often sapped in the process that can take days or weeks to resolve.
Dynamic Quest Sales Engineer Marc Acampora cites “weak links” as the most likely cause of security breaches. He says standard firewalls block the thousands of attacks businesses are being hit with on a daily basis. But employees—even those with no ill intent—are most often the weak spot exploited by canny hackers. Workers with access to company information and passwords must be vigilant, but they are, after all, human.
Acampora advises a proactive approach to fortifying network security. He suggests holding quarterly audits to assess who has access to sensitive information, and making those team members aware of their role in maintaining security.
The United States Computer Emergency Readiness Team (US-CERT) recommends having a clear organizational leadership guideline, designating whom to approach and outlining what to do during attacks. It further advises keeping proper documentation of company procedures surrounding security, and the maintenance of a log documenting intrusions.
US-CERT also strongly recommends that employees regularly change passwords, using a mixture of letters, symbols and numbers. Since these passwords and their accompanying usernames are a business’ first line of defense against hackers, they should not be given to just anyone. Opening links, attachments and emails from a stranger is a no-no, along with installing any personal software and hardware on company devices.
IMAX’s CEO is correct that there is no way to guarantee absolute security. But with due diligence, businesses can greatly reduce risk and stand a good chance of withstanding the onslaught of internal and external attacks. Make network security a high priority; devise a thorough security policy and implement regular training. Keep up to date with patch updates and, as Acampora recommends, conduct regular security audits. It’s a lot of work, but hackers are a determined bunch and defending your company from them is well worth the effort.
The internal team was energized. With the Level 1 work off its plate, the team turned its attention to the work that fueled company growth and gave them job satisfaction.
The average cost of a data breach in the United States is $8.64 million, which is the highest in the world, while the most expensive sector for data breach costs is the healthcare industry, with an average of $7.13 million (IBM).
More than 33 billion records will be stolen by cybercriminals by 2023, an increase of 175% from 2018.
Forty-three percent of attacks are aimed at SMBs, but only 14% are prepared to defend themselves (Accenture).
40% of businesses will incorporate the anywhere operations model to accommodate the physical and digital experiences of both customers and employees (Techvera).
The three sectors with the biggest spending on cybersecurity are banking, manufacturing, and the central/federal government, accounting for 30% of overall spending (IDC).
The cost of cybercrime is predicted to hit $10.5 trillion by 2025, according to the latest version of the Cisco/Cybersecurity Ventures “2022 Cybersecurity Almanac.”.
It takes an average of 287 days for security teams to identify and contain a data breach, according to the “Cost of a Data Breach 2021” report released by IBM and Ponemon Institute.
We did a proof of concept that met every requirement that our customer might have. In fact, we saw a substantial improvement.
We did everything that we needed to do, financially speaking. We got our invoices out to customers, we deposited checks, all the things we needed to do to keep our business running, and our customers had no idea about the tragedy. It didn’t impact them at all.
“We believe our success is due to the strength of our team, the breadth of our services, our flexibility in responding to clients, and our focus on strategic support.”