A special guest post by Global Security Consultant and Political Risk Expert, Paul Crespo. This is the sixth post in the series.
With larger and costlier data breaches being reported every day, cyber security is quickly moving from being seen by C-level executives as a purely technical security issue, to a top business risk for global corporations.
Cybercrime and cyberspying are costing the US economy $100bn a year, and the global economy perhaps $300bn annually, according to a report by the Center for Strategic and International Studies (CSIS); and senior business executives are taking notice.
According to Lloyd’s (formerly Lloyd’s of London) 2013 Global Risk Index, based on a global survey of over 500 C-suite and board level executives, cyber security is now the third highest concern for international business, having jumped there from 12th place in 2012.
Cyber security now places just slightly lower than high taxation and loss of customers as the most worrisome risks facing international businesses today. Since customers also generally leave when organizations are breached, customer loss and cybercrime are closely linked, making two of the top three top business risks cyber security-related.
Cyber attacks worse than a natural disaster
As for the potential damage to a company, a separate survey by the Experian Data Breach Resolution team and the Ponemon Institute found that 76% of corporate security professionals believe protecting against a cybersecurity breach is more important, or at least as important, as safeguarding against a natural disaster, business interruption or fire.
Biggest cyber threats
While there are numerous internet security threats targeting international businesses, the most common and dangerous generally include the following three threats:
- Cyber Social Engineering – online intrusions that rely heavily on human interaction and involves tricking trusted employees to break normal security procedures, usually via fake “phishing” emails in order to penetrate networks .
- Advanced Persistent Threats (ATP) – sophisticated network attacks where an intruder gains access to a network, often through social engineering and stays there undetected over time in order to steal large amounts of valuable data.
- Human Error. A recent Ponemon Institute study found that human errors and system problems, such as mishandling confidential data, lack of system controls, and violations of industry and government regulations, accounted for 64% of data breaches globally.
Cyber security needs to be front and center in all corporate security programs, and training employees across the entire enterprise in basic internet security protocols should be a key element of any