12 September 2017

Tackling Cyber Security Breaches


Internet accessibility has only enabled the critical role of information technology in our daily lives. It has always been an inevitable part of organizational functioning, however access to the internet puts a lot of power in the hands of organizations and individuals alike.

Some recent examples include the leaking of several episodes from the wildly popular Game of Thrones series. While fans eagerly awaited to see what happens next, little did they realize that this excitement would be dampened by spoilers spread across the internet and social media.

The latest season of the hit fantasy TV show has been marred by several cyber security breaches. Apart from the hackers’ attack, the channel itself leaked the penultimate sixth episode accidentally.

This has been an example of C-suite executives everywhere that even one-time cyber-security threats can greatly hamper a business, regardless of its size. In spite of its scale, the company has been reeling, attempting to fix holes in their cyber-security procedures while keeping up with Game of Thrones fan hysteria.

In fact, its size makes it more vulnerable to the negative impacts that such instances can have on its reputation and revenue. Organizations must ensure that they accord top priority to data security as any low-level threat can percolate to the wider network and cause the organization to face financial penalties, lose revenues, incur customer wrath and have its brand image and future business suffer.
The cons of a security breach

A Drain on Money and Other Resources


The first and foremost impact of a breach is the economic losses to an organization, which go beyond just sales. Once confidential data is leaked, companies would need to spend heavily on forensics to investigate the breach as well as re-establishing stricter security protocols. Lawyer fees, filing of lawsuits and payment of fines to data protection authorities, all add up. Further, resources of time, energy and money are diverted to fire-fighting rather than growth and development. Companies should just avoid incurring double costs and disruptions by having cybersecurity hygiene from the get-go.

Loss of trade secrets/Disruption of Operations


Computer hacking primarily involves theft of proprietary and confidential information such as research, strategies, and financial reports. Compromised information and intellectual property can make an organization fall behind its competition by affecting its business operations and continuity.

Loss of trust and valuation


Customer relationship is built on trust and such attacks can lead to loss in reputation for a service provider. Cyberattacks can damage the reputation of a company and shake the faith that its customers place in it. A study conducted recently has shown that there is a strong relation between cyber breach in a company and its share price performance with some breaches having wiped off as much as 15% off companies' stock market valuations. For instance, Yahoo’s massive hacks raised questions on the company's deal to sell itself to Verizon Communications.

The lesson to be learnt


It is imperative for companies to be proactive about putting resilient systems in place to safeguard a company against possible cyber-security threats. There are courses available which can equip people with the core concepts of network security and an in-depth understanding of cybersecurity mechanisms. Here are some other things to consider for professionals and executives in any organisation working with technology-based systems:

Invest in protection


This assumes importance as technologies which help protect against possible breaches can detect network intrusions before hackers have the chance to access sensitive data. Assessing and identifying organizational vulnerabilities and then formulating procedures to avoid them is the very first step. Some companies choose to employ a security firm for this or many prefer specialised training for their own trusted and employed professionals.

Educate employees


Very often, employees may unknowingly download viruses, install unauthorized software, register weak passwords or transfer work files to their home computers. This can result in data breaches and vulnerabilities. It is important to educate employees about best practices and how they can use the internet securely. Besides the education of employees, management and senior executives should also undergo basic training. One such course that we offer at Acadgild is 'Ethical Hacking' which introduces people to hacking concepts, network security, viruses, sniffers, cryptography and more.

Encrypt company data


There is research to back the fact that about 60% of those companies who faced a data breach did not encrypt their data. This is an essential step to avoid possible hacking and loss of information.

Screen vendors


Organizations that provide any third-party with access to confidential data, must do some research on their policies. This will help in understanding whether they comply with security best practices. The first Game of Thrones leak occurred owing to an outsourced agency that did some work for HBO’s Indian content distribution partner.

In conclusion

Apart from all the above measures, organizations should have a contract in place that protects them from liability in case of a security breach. Technology is bringing the world together and therefore, the likelihood of cyber-attacks will only amplify in the future. However, companies should constantly update themselves about both the scale and sophistication of cyber security threats and take adequate precautions to safeguard themselves.

(The author is President and Co-founder, Acadgild. Views expressed above are his own)

Search This Blog