Cyber crime is expected to cost the world $6 trillion per year by 2021, up from $3 trillion in 2015. Almost unbelievably, profits will surpass that of global illegal drug trade.
Every business in the world is at risk of a cyber attack, no matter how strong the security measures. But there are clear actions and strategies that separate high-risk organizations from their lower-risk competitors. These are also the strategies that help ensure a company can rebound if a breach does occur.
Yep, that’s right. Not the actual bad guys, of course, but people who have the same skills and expertise.
“Most cyber attacks are executed via security holes unknown to the target organization,” Alex Bekker, VP of engineering at HackerOne, told Forbes, “so having well-intentioned hackers find vulnerabilities in our computer systems is the closest we can get to real-world conditions.”
Increasingly, businesses of all sizes are hiring outside security experts to find vulnerabilities their systems have not or would not. The ability to think like a criminal, anticipating the ways hackers might get around standard security controls, gives companies the edge over competitors that rely solely on software and systems for prevention.
The cyber security market is exploding. One of the largest and fastest-growing tech sectors, the global cyber security industry is expected to reach more than $120 billion by year’s end. By comparison, it was worth just 3.5 billion in 2004.
The onslaught of vendors entering the market in recent years makes it difficult to determine which are best. And, unfortunately, not all vendors are equal. Companies that don’t do their research before choosing a product or vendor are taking a serious gamble.
Forward-thinking companies are turning to product testing organizations to verify that a vendor is reputable and that products meet quality standards. However, just as it’s important to choose your vendors wisely, not just any testing organization will do.
As James Butler, CTO of Endgame, told Forbes, companies should look to independent product testing organizations like MITRE and the Cyber Independent Testing Lab that do not accept compensation for their work. Many other testing organizations are paid by vendors to review security products, which lends the results to bias.
Far too many businesses are so focused on keeping hackers at bay that they ignore a greater risk factor for a data breach – their own employees. It’s true: Employees are responsible for more breaches than hackers, whether the acts are intentional or accidental.
Companies that recognize this fact use employee monitoring software to reduce the risk of insider threats. The software records, logs and monitors all computer activity. More importantly, it identifies, flags and prevents risky behavior such as uploading sensitive information to the cloud, saving it to a USB device or emailing it to a competitor.
Advanced monitoring software allows you to write your own rules about which activities are not allowed. You’re immediately alerted when a policy is violated so you can put a stop to behavior that puts your company at risk of a data breach.
Assuming attacks will happen
The scary reality is, you’re probably going to experience a breach at some point. Smart companies focus not on what to do if a data breach occurs, but when it happens.
That’s not to say prevention tactics aren’t crucial. But since we all know they’re not foolproof, reaction strategies are equally – if not more – important. This involves creating a detailed disaster recovery plan. If a breach does occur, how will you keep systems running and the business in operation? Is your data backed up, and how quickly can it be restored?
Partnering with competitors
The banking and financial services industry has quietly developed a groundbreaking cyber attack response plan: If one company is brought down by an attack, another takes over operations until the problem is resolved.
The initiative, Sheltered Harbor, is a major win for consumers. If a breach does occur, the impact on their lives will be minimal. They’ll be able to access accounts, even if the bank is inoperable. All participating banks back up customer account data, storing it in a secure vault and enabling restoration if a breach does occur.
The partnership could serve as a model for other industries, spurring collaboration that protects both companies and their customers. Click below to learn more about Teramind.