Organizations in the U.S. spent $8.64 million on average responding to cyberattacks last year, according to a Ponemon Institute report.
This figure is more than double the global average, which leads us to ask why things are so bad in the U.S. and what organizations can do to tackle this threat.
We answer both of those questions in this blog, with three tips to help you bolster your cybersecurity defenses and reduce the damage that breaches will cause.
1. Provide your security team with adequate resources
The first step to protecting your organization is to give your cybersecurity and IT teams the resources they need to do the job.
It may seem counterproductive to spend money in order to reduce the cost of data breaches, but the cost of cybersecurity defenses pales in comparison to that of cyberattacks.
Indeed, with just a few thousand dollars, you could make major improvements that mitigate most of the common forms of attacks.
This is a lesson that organizations are starting to learn. The PwC Global Digital Trust Insights 2021 survey found that 55% of enterprise executives plan to increase their cybersecurity budgets this year, and 51% said they are adding more full-time cybersecurity staff.
The boost in investment comes despite the fact that two-thirds of respondents said they expect revenues to decline in 2021. This demonstrates that they have learned that effective security isn’t a luxury but an essential business cost that will in all likelihood save money in the long term.
2. Plan for a ransomware attack
Ransomware has become cyber criminals’ favorite tool for attacking organizations.
Attacks are relatively cheap to conduct, they don’t require sophisticated hacking knowledge and they can net the criminals large sums, provided that organizations pay the ransom demand.
Many organizations are starting to follow cybersecurity experts’ advice not to pay up, the reasoning being that there is no guarantee that the criminals will keep their word once they’ve received their money.
Another issue is that, even if you are given the decryption key, there are still plenty of other associated costs.
There are the lost hours or days in productivity, the potentially permanent damage to systems and the fact that the incident is still classed as a data breach, meaning you should respond accordingly – notifying relevant authorities and affected customers.
But what’s the alternative? The answer, of course, is to plan for the inevitable.
If you implement an incident response plan, which includes regularly backing up your sensitive data, you can refuse to pay criminals’ demands and know that you can get back up and running with minimal delays.
3. Address vulnerabilities
Website and system vulnerabilities are one of the most common, yet avoidable, causes of security incidents.
With a patch management program and other relevant policies, organizations can be sure that they have the latest versions of any software and that existing weaknesses are spotted promptly.
Unfortunately, these defenses are applied all too rarely, exposing businesses to routine data breaches. All criminal hackers have to do is look out for known weaknesses and then find organizations that haven’t fixed them.
Indeed, this is one of the most misunderstood aspects of cybersecurity: criminal hackers aren’t necessarily targeting specific organizations, because they know almost everyone has sensitive data.
They are instead targeting vulnerabilities, which enables them to identify dozens, if not hundreds, of organizations that can be breached using the same method.
You can find out how to secure your organization from vulnerabilities by following the advice outlined in ISO 27001.
It’s the international standard for information security management, demonstrating how you can monitor and address information security concerns in a simple, structured way.
The Standard contains specific guidance on patch management, but it also ensures that you improve your defenses across the whole organization.
You can find out more by reading our free green paper: Cybersecurity and ISO 27001 – Addressing the cyber threat landscape.
You’ll learn how organizations are using the international standard for information security management, ISO 27001, to protect their critical information assets and enhance their reputation with customers and suppliers.