Did you know that businesses that invest in cybersecurity are more effective at preventing attacks? The importance of cybersecurity in business should never be overlooked, since attacks have been occurring at an increasingly accelerated rate over the years.
No business with an internet connection is immune to cyberattacks. The financial, physical, and legal implications of an attack on any business can be absolutely devastating.
In 2021, 94% of companies experienced at least one major cybersecurity incident. According to a study by Deloitte, the average number of attacks increased from 1.69 incidents in 2020 to 2.13 incidents this past year, which is 26% more.
In recent decades, technology has become an integral part of our lives and work. We now live in a more technologically advanced world that, while an advantage for companies, also exposes us to a greater risk of cybercrime.
Analyzing the sectors with the highest incidents per year, we find Insurance, Telecommunications, Manufacturing and Banking. It is important to highlight that the Banking and Insurance sectors have a high level of maturity in cybersecurity and are heavily regulated. However, they are a main target for cybercriminals and suffer attacks not because of a weakness in the area but because of the amount and type of information they handle, which is of great value.
Sectors analyzed: insurance, infrastructure, pharmaceuticals and healthcare, telecom & technology, transportation, hospitality & services, energy & resources, manufacturing, banking, public administration, consumer goods & distribution.
International business leaders rated cyber threats as one of the top business risks, according to the results from PwC’s 21st Global CEO Survey.
In turn, 81% of CISOs consider that they do not have enough trained personnel. This has led to what can be considered a talent "crisis" in cybersecurity, since companies that do have a budget for hiring are in many cases unable to fill the vacancy due to the lack of qualified candidates.
They also recognized that the main repercussions of cyberattacks are the loss or compromise of sensitive data, ransomware and malware, as shown in the following graph:
While large and medium-sized companies began a couple of years ago to consider information security a strategic asset and an opportunity to protect their business, authorities, collaborators, and the general population remain unaware of the risks to which they are exposed.
Companies should always have the answers to the following questions: what information do I have? Where do I have it? And who has access to it?
Another aspect to consider is internal threats, such as collaborators, for which companies are generally not prepared.
Undoubtedly, employees are the weakest link in companies, so it is necessary to educate and transform them. For this, awareness and training are essential. Companies still do not understand the difference between training and awareness in cybersecurity, which leaves employees without a clear strategy when dealing with cyberattacks. Those who provide more than 20 hours of training and awareness per year have received only 15% of the attacks in the last year.
Why is it so important to have cybersecurity strategies in companies?
These are silent risks that can have serious consequences if not properly managed. Cyberattacks not only involve the breach of personal information stored in the company's digital space, but also have economic and reputational consequences, affecting even the lives of employees and customers.
Globally, according to statistics from the multinational technology company IBM, phishing scams increased by 6000% during the health crisis.
How to deal with cybercrime?
To mitigate the risk of cyberattacks, companies must take certain measures. Here are 10 best practices to improve cybersecurity:
- Conduct a risk assessment: knowing what cyber risks exist and how they can affect you is the first step to understanding how best to protect your organization.
- Reduce human errors with IT policies: educating people about IT policies should be a factor in any cybersecurity strategy in companies. You can start by teaching employees simple tips on how to create strong passwords and detect phishing emails.
- Change device passwords: most default passwords are known out of the box, leaving organizations vulnerable to attack. You should always change passwords for added security.
- Prioritize software and firmware updates: apply software and firmware updates, including the latest versions, to reduce known vulnerabilities.
- Choose technologies with integrated defenses: it is critical to integrate multiple layers of defense into physical security solutions. For instance, encryption can hide and protect data from unauthorized users and protect communication between the client and the server.
- Use robust methods of authorization and privacy: while encryption and authentication are excellent tools for protecting data, they cannot prevent unauthorized access to the network. With authorization capabilities, you can limit the scope of the activity in the system by granting specific access rights to groups or individuals, resources, data, or applications.
- Comply with the new legislation: with the rise of cybercrime, new privacy and data laws are evolving to hold businesses accountable. Compliance with these new laws can not only help build resilience in cyberspace, but can also avoid costly penalties for non-compliance when breached.
- Consider the benefits of cybersecurity in businesses: cybercriminals are becoming more skilled. Even when everything is done right, the organization can still be at risk. Cyber insurance provides financial assistance for processing and recovery in the event of default.
- Reassess risks and policies periodically: cyber threats are constantly evolving. What works today may not work tomorrow. You must take the time to reassess risks and policies.
- Participate in the cybersecurity debate: it is not enough to rely on integrators or other service providers to implement effective security methods. Sometimes, the IT department is too busy to help. Security professionals who are most involved in creating and implementing cybersecurity practices are typically in a better position to help mitigate the risks.
86% of companies consider that they are “adequately prepared” to deal with cyberattacks, so ask yourself, is your company prepared to face cybersecurity problems? What is the degree of awareness of senior management regarding the cybersecurity of the company?
If you need more support or guidance to enhance or consult on the cybersecurity of your business, at Interfaz we rely on a team of specialists and a full stack of technological services. Count on us and schedule your consultancy.
- La importancia de la ciberseguridad, PWC. 2019
- El estado de la ciberseguridad, Deloitte
- Un 45% de las pymes en ciberseguridad carecen de la preparación necesaria, Revista Seguridad 360. 2021
- La seguridad de red protege toda su superficie de ataque, Fortinet. 2020