Good cybersecurity practice does not hinder productivity. Ultimately, it enables it.
sense of exactly what the final recovery bill would be.
Perhaps the most notable quality of NotPetya was that even if its victims paid up (which, once again, I do not recommend), they could not get their data back. The ransomware was written without a victim ID, making it impossible for even its controllers to decrypt.
Of course, this is an extreme example. Our respondents were far more likely to be the victims of smaller-scale attacks, costing them a smaller amount, but the point stands that much of this kind of global havoc, and the hundreds of millions in lost revenue, hinged on the poor security practices of many, most notably a simple failure to patch the EternalBlue vulnerability, which was used in both cases and for which a fix had been issued months earlier.
Don't get me wrong, the 23% who reported reputational damage as a direct result of poor security behaviour is nothing to sniff at. PwC's economic crime survey for 2016 labelled it as the most damaging impact of a breach. Avid Life Media felt that sting particularly keenly after the well-publicised breach of Ashley Madison, the online dating service for married people, forced the CEO out and prompted the company to rebrand entirely.
While the 21% who complained of legal and compliance penalties were the least populous of the three groups, they were also the most heavily taxed for their failures. The average monetary loss for our respondents was US$4.2 million, but those that had to face a court case or hear the heavy hand of the regulator at their door lost an average of US$11 million.
The regulator's hand can indeed be heavy. And it will now be heavier still.
The EU's General Data Protection Regulation (GDPR) came into effect in May 2018 and promises to overhaul pan-European data protection regulation, not just for residents but for anyone who does business with Europe.
It introduces a whole new raft of obligations, including breach reporting requirements and, importantly, a variety of basic security measures. Should a company or organisation fall short of those requirements, they will face vindictive fines of up to €20 million or four percent of global turnover, whichever is higher (and this is important). That US$11 million figure may soon be dwarfed.
There are a variety of good technical solutions to nip these problems in the bud, but your workforce will always be your first and best line of defence. Making sure they know how to spot a phishing email, which is still the main attack vector for so many campaigns, will be the difference between a smooth-running business and a paralysed one.
That has to be upstairs as much as down. For some, there is a reigning idea that cybersecurity is merely a road block to an efficient workflow. Workforces find it cumbersome to work around blocked applications, and C-suite executives don't want to bother with long, complicated passwords. We know that the reverse of that is true. Cybersecurity is as much a part of business continuity plans as anything else. Communicating that is an uphill battle, but a decisive one in the war against insecurity.
www.intelligentciso.com | Issue 03
75