You are running a busy, successful business. All things being well, customers are calling, employees are engaged and productive and, most importantly, the CFO is happy. The next minute, your IT estate is down, with all of your technical designs, financial information and communication systems inaccessible. Welcome to business in the Digital Age.
Not that long ago, security used to be about solid doors, locks on windows and an alarm. Depending where you were, maybe even barred windows, a dog in the yard and nightly patrols. You protected your company’s assets, that were physical and usually on location, with physical security measures. You unlocked in the morning and locked up at night. The threat was known and you managed that risk investing in appropriate measures. The only inconvenience was if the person with keys was late.
Imagine your facility, where every criminal in the world can be looking at the front door, walking around the perimeter, watching your staff come and go, looking for a way in. THIS is the challenge we now face as business owners, as our valuable assets become digital instead of physical. Criminals (and that’s what we are talking about), would come at night, looking for a weak spot in your security. Now, they lurk in broad daylight, continually probing, exploring and challenging your defences. The most unnerving part? If they succeed, your rarely know they are inside. You can’t see them!
Here are some statistics from Cisco’s 2017 Annual Cybersecurity Report:
- 1/3 of organisations that experienced a breach in 2016 reported substantial customer, opportunity and revenue loss of more than 20%
- 22% of breached organisations, lost customers. 40% of them lost more than 20% of their customer base.
- 29% lost revenue, with 38% of that group losing more than 20% of revenue.
In a very worrying trend, a report by 451 Research on Australian organisations, found that 85% reported they had been breached sometime in the past, well above the global average of 60%. Almost 1 in 3 were breached in the last year. However, only 50% of these companies said they planned to increase security spending to protect their data.
Why the apparent complacency for Australian businesses? The most common challenge we hear when discussing security with our customers, is that it impacts productivity. Let’s take the most common of security measures, a username and password. A username of “Jim” and a password of “password” is certainly convenient. So is leaving the building unlocked and unalarmed, ready for staff in the morning! Strong passwords are no longer enough.
So what does a modern “moderate” digital security posture look like?
- Strong passwords that change regularly (prevent brute force attacks through the front door)
- Good perimeter security using Next Generation Firewalls (prevent slipping in through the side door)
- Mail security (prevent malware attacks where you invite the criminals in)
- Browsing Security (prevent ‘drive-by’ attacks where you expectantly pick up a criminal)
- Anti-Virus/Anti-Malware and Advanced Malware Protection (security guards that are on the look out for suspicious behaviour)
- DNS Protection (stops unauthorised Internet communications and ransomware from activating, even if it does get inside)
- EDUCATION! (all staff need to understand their role in modern security)
If you are thinking “what about the impact to business productivity?”, then you’re not balancing that with the productivity benefits that IT has already brought to your business. A breach or a virus, will remove those productivity tools from you, in many cases rendering your business inoperable. We rely on IT to perform our daily business functions. Appropriate security is part of the deal. The more you rely on IT in your business, the stronger your security posture needs to be.
With Privacy Law amendments coming in to effect on 22nd February 2018, data security is no longer a gamble you can afford to take. Penalties of up to $1.8M for companies and $300,000 for individuals apply for non-compliance. The question is no longer about the impact to productivity of security, it is about the necessary processes to secure your business.