Crime, like illness, is barely a part of normal
consciousness – until it happens to you. In 2017, the American Insurance Journal recorded 53% of
US businesses had been maliciously targeted online. However, there remains a
remarkably large percentage of business owners out there for whom it’s barely a reality. The latest computing developments – as well as the
human fascination with remote storage and control – is changing that.
The reality for businesses in 2019 is online
criminality is evolving at a rapid pace. In a December 2018 article, Forbes sampled
a host of industry voices on the issue. Notable among many alarming emergent
and persistent cyber security issues, malware accidentally introduced by staff
remains the biggest threat to this day.
Crooks are also expanding the monetisation of their
endeavours, finding innovative new ways to glean illicit funds from harassed,
captive, or robbed business owners. Criminals are targeting smaller concerns
too, for more immediate bread and butter ransom payments.
Unprotected data is a liability
No matter how glorious it is to be swimming in a
data lake, if someone can pull the plug, it’s not an asset. To whatever extent your IP, systems and data are a huge aid
to business, that’s how much of a
crippling liability they can become under someone else’s control.
Particularly with modern leaps and bounds in cloud
storage and remote access, AI is being gleefully applied to businesses large
and small. AI has yet to supersede dedicated cyber security agents, however. As
fast as the world advances technologically, crooks are just as fast working the
same new advances and apps to siphon off funds. Indeed, up to $600 billion annually is lost to
global business from online criminal activity. Computing might have become far
more intelligent and intuitive overall, but human error remains. Failing to
cover basics like including regular training with staff often comes back to
haunt business owners.
Accidental lapses aside, cyber crooks are also
finding new ways to hold businesses hostage, such as simply “contaminating” data while
avoiding outright theft. Once accessed by third parties, a business’ data becomes unusable, and the criminals play the waiting game. They’re hoping the disruption to daily business and ensuing frustration prompts
a payment that ensures they’ll “fix” a company’s systems and release usable data.
In a nutshell – even if it hasn’t troubled you to date – the next five years will see a huge increase in
smaller, “softer” targets gobbled up online. The days of only large corporate concerns being
worth the hacking hassle are over.
Common cyber security
Are you guarding the online security gate in your
business? Is your cyber security preparedness on a par with a large corporate
like, for example, the Marriott Hotel group? They spend a
large amount of money each year protecting their and their guests’ personal and financial information, yet they were hacked in 2018. This
points to the first misconception below: that data in itself has no value
unless related to immediate financial access.
- Online crime is only about stolen or ransom money. False. Cyber thieves have an entire universe
operating out of sight, where trade-offs and later monetisation of hacked data
come into play.
- Similarly, “hacking” is all about credit card details. This is completely
untrue. Headlines aimed at consumers tend to highlight consumer issues, but
that shouldn’t obscure the
fact that online penetration has a host of more insidious implications than
- Cyber criminals only go for the big fishes – no one could possibly care
about my little venture. Gains might be
bigger at larger concerns, but they’re typically
more sophisticated and impenetrable in their approach to online security. They
also usually have the funds to pursue matters criminally, when possible. It’s simple maths, if seven smaller business breaches add up to one large
hacking success! There’s an entire
fraternity of cyber criminals who specialise in just such a quantitative
approach, knowing full well they’ll find far
easier pickings as a rule.
- If software is up to date, no hacker has a prayer of accessing me
online. This contains
both a truth and untruth. Looking at graduates as an analogy, it’s applying and extrapolating what’s been learned at university that will really propel a career, not the
qualification itself. So too is it essential to build a personalised security
system, as merely buying the latest antivirus is no guarantee that systems are
impenetrable. It’s essential to
build commercial cyber security just as one builds a business. The process is
careful, calculated and deliberate, resulting in a tailored setup that plugs
every possible outside reach.
When realising the overall success of online
security rests with a small (or larger) contingent of personnel, implementing
online security needs to be a strategic and professionally designed process.
Online security begins
Perhaps counter-intuitively, watertight online
security begins with the human factor. Regular staff training needs to go hand
in hand with tech updates and maintenance. Spend time on training. Develop
policies such as a prohibition on opening mails that meet certain criteria.
Phishing is still huge business. Indeed, canceling out the
prospect of human error – whether intentionally enacted by disgruntled
employees or legitimately erroneous – needs to be the first consideration in
Coupled with catering for the human factor should
be the optimisation of tech, systems and storage. Developing a security culture
and environment can be the difference between embarrassment and collapse. When
there’s flimsy backup
protocol in place, or limited safe storage or irregular maintenance, a breach
can literally shut a business down.
Cyber security – much like a great company mission statement – truly involves everyone online in the name of business. Phishing mails, external (personal) storage devices and suspicious activity need to trigger secure protocols in every member of the team. It needs to include up-to-the-minute professional monitoring. It needs to anticipate malicious human intent from those close and those remote. Finally, it needs constant, ongoing testing and maintenance. Only by taking this approach can you enter 2020 as a business owner who keeps intruders out and day to day commerce running smoothly.
[Image via: Google Images]