It was back in 2015 when IBM CEO Virginia “Ginni” Rometty stood in front of tech and security executives from 123 companies across 24 industries and told a truth we needed to hear- “Cybercrime is the greatest threat to every company in the world.” Fast forward to five years later and that statement can be seen as a prophecy.
There is no denying that a digital revolution has been at play for the past decade. We have all witnessed as every interaction and transaction found their place online – from social media to e-commerce. But as we move towards an increasingly digital environment, the more we share parts of ourselves to the world of the web; that makes us digitally-vulnerable. In fact, a study revealed that on average, a cyber attack occurs every 39 seconds; and once a hacker is able to breach your security, they can steal an average of 75 records per second.
Here are other statistics that give light to cybersecurity:
- Hackers create 300,000 new pieces of malware daily.
- Everyday, an average of 30,000 websites are hacked.
- 98% of vulnerabilities that occur on WordPress sites are related to plugins.
- Americans are more worried about cyber attacks than real-life crimes.
- Of all cybercrimes, 71% of Americans worry most about personal data hacks, followed by identity theft.
And finally, research conducted last year found that 53% of companies still have a long way to go before they are cyber-ready.
The question now is are you part of that majority? If your answer is yes, then read on and see why it’s time to make smart moves to improve your cyber security.
The Business Implications of Cyber Attacks
Hacks, regardless of the severity, can have a huge impact in your company’s revenue. Whether you are a small online shop or a big corporation, being cyber-ready is an investment that will undoubtedly benefit you in the long run. Being vulnerable in the digital world can lead to a series of unfortunate events that might just make or break your entrepreneurial dreams. Here are some ways cyber attacks can ruin your business:
1. Fraudulent Charges
Cookie theft that can get your company’s credit card information and run up fraudulent charges which can lead to more expense or even your account getting blacklisted or suspended.
2. Lost Opportunities
Some cyber attacks can redress your website and redirect it to another site. This can lead to loss of opportunity in things like potential customer reach and lead generation.
3. Consumer Distrust
There are hackers who are able to steal directly from your customers as they interact with your site. This data exploitation can lead to consumers completely losing trust in your business.
4. Revenue Loss
If a hacker creates a malware that will cause your site to go down or crash every few hours, then decrease in sales is bound to happen. Take Sony and Microsoft’s experience back in 2014 when they were cyber-attacked – they reportedly lost an average of $40,000 per hour.
5. Intellectual Property Breach
Skilled hackers can also steal your ideas and pass them off as their own or send it over to your competitors. Last year, a former Tesla employee admitted stealing company secrets and forwarding those secrets to outside parties.
These are just a few of the infinite implications that can result in the downfall of your company. But instead of worrying about potential cyber risks, let us focus our energies on how to put in the necessary safeguards.
Common Motives Behind Hacker Attacks
Cyberattacks cause billions and billions of dollars of damages to the global economy on a yearly basis. In fact, the numbers have been constantly rising as more digital touch points come into play. These damages are expected to reach $6 trillion by next year.
And while cybersecurity continues to be a hot topic in the digital space, the motives of hackers are less talked about. Based on a research done by Hackmageddon, the reasons behind hackers doing what they do can be categorized into – Cybercrime, Cyber-Espionage, Hactivisim, and Cyberwarfare and Cyberterrorism. In this article, we are going to discuss the first two which are directly relevant and prevalent in the world of business:
According to the study, cybercrime is the most common type of cyberattack with financial gain and power being its main motivation. This is usually done by:
- Monetizing sensitive data such as personal credentials and financial information.
- Ransomware or to threatening to publish private data unless a ransom is paid.
- Implementing DDoS or Distributed Denial of Service which could cause your site or app to crash.
- Blackmailing in exchange for something else.
Cyberespionage is a hack designed to acquire intelligence from competitors which can be useful to gain unfair advantage. This is typical in large, multi-million dollar global companies as well as governments. Data gathered can be used to damage reputations, steal intellectual property, or compromise national security.
How to Protect Your Business from Cyber Attacks
It may seem overwhelming to hear the threats that come with going digital, but creating an action plan is key to make sure you will be able to boost your business by protecting it from cyberattacks. Cybersecurity have varying complexities, but there are simple things you can do, together with your technical team, to build a business website with low probability of falling victim to hacking:
1. Take your passwords seriously.
We know it can be difficult to remember all your passwords, pins, and codes, but this is the first level of security that should not be taken lightly. Using 123 or your birthday are not just forms of laziness, it’s negligence, because those types of passwords can be easily cracked by hackers.
Follow what is suggested to you – use a phrase, mix lower and upper cases, add a number, and include a symbol. Come up with something personal, but extremely specific, so it will be difficult to hack yet easy for you to remember.
2. Store sensitive data with high-level encryption.
Data encryption is no longer a luxury, it’s a necessity. We suggest literally taking it to the next level as low-level encryption can now be hacked with little to no effort. AES 256-bit encryption is the highest available encryption currently and is used by the military to protect highly-classified information. If you want to have peace of mind when it comes to data storage, then invest in high-level encryption.
3. Implement HTTPS.
HTTPS is a basic security protocol configured on a server level. It essentially ensures that any data being shared between a server and a browser is secured and private (the “s” actually stands for secure”). HTTPS can protect the integrity of your website from malicious attackers who might steal sensitive information or inject ads to your site. HTTPs is also directly related to our next advice which is to…
4. Avail SSL for your website.
This is particularly important for companies that use their sites for various types of transactions such as e-commerce. SSL is what turns “http://“ to “https://“ – so that web visitors can easily identify if the site they are visiting is secure. This is also the reason SSL is highly recommended by SEO strategists – security is becoming a top priority not just for users, but for search engines as well. It’s a digital certificate that informs the user that a site has HTTPS and follows security protocol, which can in turn, help improve conversion rate.
5. Make sure your cloud server is secure.
Default settings on your cloud server is not enough to secure your data – it can actually open you up to other digital vulnerabilities. Here are other measures you can take to keep your server secure:
- Implement a whitelist that will apply restrictions on devices that can access the accounts.
- Create unique passwords that are periodically changed.
- Allow two-factor authentication.
- Provide different access rules.
- Create a protocol for account logins, so no accounts are left open and vulnerable.
- Get to know your cloud server- use web accessibility resources to make sure you are familiar with common vulnerabilities and security procedures, so you can be ready in case anything happens.
6. Use a VPN.
What is VPN and its meaning? A Virtual Private Network is another layer of encryption that protects the data passing between your server and a device. It helps in preventing your data from being exposed in public channels by having your network traffic tunnel through a secure connection to a remote server. It will also allow you to control connection and settings for both your end-users and company employees.
7. Employ a Web Application Firewall.
Firewalls are designed for traffic analysis to protect your site from hacking attempts. It can monitor, filter, and block packets of data as they go to and from a site or application. It is a costly yet worthy investment that could either be cloud-based, network-based, or host-based. It’s usually deployed by placing a reverse proxy in front of a site or application on the web.
8. Update your site platform and software.
Sites and software that are not kept up to date are much more vulnerable to attacks. Latest security patches are created to make sure that any new bugs are fixed to avoid hackers from breaking into your site. Outdated sites and software can also affect your visitors and even get your website delisted if Google detects malware.
9. Accept uploads with caution.
While there are industries that allow for uploads on their site (like job portals that require applicants to upload their resumes), it’s important to be careful on what files to accept. Be as specific as possible on file types and sizes, scan them for malware, or use an anti-virus software as an additional security measure to keep hackers from uploading malicious content on your site.
10. Have an automated backup ready.
Having an automated backup makes for a great contingency plan because it gives you a copy of all necessary data in case your site crashes or your database gets hacked. If you get cyber attacked, it’s not just the stress of having to go through it that will cost you resources, but recovering and getting your site up and running again as well. Better to have it and not need it than need it and not have it.
While all these may seem like a lot of work, putting in more effort in putting up necessary security measures will help not just secure your site, but also the trust of your clients and partners. The digital world is ripe for opportunities, both good and bad, so being prepared is a long-term solution that can save you both time and money.
Enjoyed reading the blog? Sign up for our bi-monthly newsletter to receive marketing news and advice.Follow me:
- Why You Should Prioritize Cyber Security This 2020 - May 18, 2020