Putting Cybercrime in Perspective: What’s Your Risk Appetite?

Andrew Miller

08.15.2019

Cybercrime is big news. Almost weekly, it seems, we see reports of a massive company affected by an even more massive data breach. We hear about the sophistication of the cybercrime economy on the dark web. And we hear politicians ranting about preventing cyberattacks by government-sponsored hackers.
Is it all hype? How much does cybercrime affect YOUR business—really?
Surprisingly, many mid-market companies and smaller enterprises tell us they don’t feel they are really a target. They brush off the need for data security by telling themselves a couple of different kinds of stories:

  • We’re too small. After all, we are not Capital One. We hold a modest market share, and we don’t have any real secrets.
  • There isn’t anything we can do about it. We don’t have the resources to do data protection like a giant corporation—how could we possibly prevent a breach?

Those brush-offs are myths. The truth is:

  • Cybercriminals don’t care how big your company is; your data is extremely valuable. (And yes, you do have intellectual property (IP) that is worth a lot.)
  • Mid-market companies are held accountable to the same regulatory requirements as large enterprises, so it’s essential that you meet those mandates.

To ensure effective, cost-efficient data protection, mid-market companies need to put their security needs into business terms.

What’s Your Risk Appetite? Consider the Opportunity You’re Offering

To put some perspective around your risk for data loss, don’t compare yourself to the big media stories. Instead, consider the way criminals take advantage of opportunity.
Say you are a midsize regional hospital. In the gift shop, an employee leaves a $100 bill on the counter during a transaction. That bill is an opportunity; a fast-thinking criminal can snap up the bill and run out without any planning. Of course, the risk of getting caught with that $100 is reasonably high.
What if instead the gift shop employees leave an unsecured router on the counter? A thoughtful criminal might recognize that as a greater opportunity. The motive for stealing data through that router might be to sell employee and patient personally identifiable information (PII)—or it might be just to prove that they can break in. But the theft itself may not be discovered for a long time, and the chance of getting caught is pretty low.
Regardless, now that PII is in somebody else’s control. You have a data breach.
What will that cost you? According to the Ponemon Institute’s 2019 Cost of a Data Breach Report:

  • The average global cost of a data breach is $3.92 million.
  • Healthcare is the industry with the highest breach costs—averaging $6.45 million.
  • In highly regulated environments, costs have a longer impact, spanning more than 2 years.

That kind of impact could be devastating to your midsize hospital.

Take the Data Loss Prevention Steps That Matter

Of course, an unsecured router is only one of many ways cybercriminals can access your systems and the sensitive information of your customers and company. How can you implement data protection in a way that’s going to make the biggest impact in the most cost-efficient way?
The Cost of a Data Breach report offers recommendations for security program elements that make the greatest reductions in the financial impact of a breach:

  • Discover, classify, and encrypt sensitive information, ensuring the most sensitive data is encrypted on premise, at the endpoint, in transit, and in the cloud.
  • Invest in technologies that help improve the ability to rapidly detect and contain a data breach, including security automation and intelligent orchestration capabilities that provide visibility across the security operations center (SOC).
  • Minimize complexity of IT and security environments to make it easier to quickly identify breaches caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile, and OT environments.
  • Know how you will identify genuine incidents, and how you will respond to them. Organizations that have developed expertise in responding to and remediating security incidents can respond quickly to contain the fallout from a breach.

How Do You Respond to the Overwhelm of Cybercrime News?

Ultimately, investing in a data protection program is your most important form of risk management. Companies of all sizes must be highly aware of their risk tolerance and make informed decisions about how to invest appropriately to provide the level of protection their customers, regulators, and stakeholders demand.

Where does your data protection program stand?

For any size enterprise, from mid-market organizations to large global corporations, seeking the experience of a trusted managed data protection provider is a risk-reducing solution that makes good business sense.
InteliSecure experts bring more than 15 years’ experience in security analysis and data protection strategy. Contact us to discuss your organization’s data protection needs—and find the solution that fits.