Despite the fact that hardly a month goes by without yet another cyberattack, most companies aren’t prepared to combat today’s evolving cyber landscape.
Companies in lightly regulated industries like retail or manufacturing are more likely to downgrade their attack risk. But this conclusion is based on a faulty understanding of how data breaches hurt companies. Regulatory fines and fees are damaging, but the damage to consumer confidence, brand standing, and the bottom line are much worse
. And small businesses often assume hackers overlook tiny targets, even though nearly two-thirds of cyberattacks target small businesses
Hackers focus on the value of the data, not on the size of the business. As hackers devise more advanced and less recognizable threats, organizations that continue to settle for cybersecurity strategies that rely on a “feeling” of security are taking even greater risks in the coming year.
Why a Data Breach Is an Existential Threat
A comprehensive cybersecurity strategy hinges on understanding the myriad consequences of a possible cyberattack. While such an attack may cause financial turmoil and confusion in the short term, it disrupts a company’s standing in the marketplace for years afterward
In the wake of a data breach, for example, companies become branded by customers as reckless and untrustworthy. Customers have choices today, and when given the choice between a company that was recently in the news for a security breach and one that was not, they will often go with the company that has not been in the news.
Still, the physical cost of a data breach, meaning the money it takes to respond to and ultimately recover from an attack, cannot be brushed aside. At over $3.5 million dollars on average last year
, businesses are shouldering a massive burden.
Strategies to Safeguard Sensitive Data
As cyberattacks become more targeted and their scope and scale — along with the resulting fallout — grows, there are several steps that organizations should take to safeguard their most sensitive data, from intellectual property to communications:
• Focus on the most vulnerable attack vector — email.
Hackers can attack an IT infrastructure from multiple angles, but the email inbox is the most likely choice, simply because it’s effective. In a test of email security, 91 percent of participants clicked on a phishing email
. When there are limits to the amount of time and resources that enterprises can dedicate to cybersecurity, they must be directed where hackers are known to attack.• Don’t overlook data in transit.
Companies often focus their resources on securing their network’s perimeter but ignore data in transit. Because this transit most often happens over email, email encryption tools like ZixEncrypt
are essential. Ideally, those tools are smart enough to automatically identify sensitive information and encrypt it so that user mistakes don’t end up compromising cybersecurity.
• Empower employees with training and education.
No cybersecurity strategy can succeed unless end users understand why it’s important and what they need to do in every situation. While users can easily invite or enable a threat — incidentally or otherwise — they can just as easily spot it and help stop it from eliciting damage. When it comes to cybersecurity, the most comprehensive and effective strategy is one that combines the human element with technological solutions
Assuming you’re secure because you have never been attacked is like assuming you don’t need fire insurance because your house has not burned down yet. Companies that downplay cybersecurity are flirting with disaster, and by doing so they attract even more attention from hackers. It’s recklessness masquerading as responsibility, and it’s a risk no company can manage.