Within just the past two years,
multiple companies fell victim
to high-profile cyberattacks.
Businesses such as James Fisher
and the Desjardins Group,
as well as multiple Asian port cities (including in Japan,
Malaysia, Singapore, South Korea, and China), were attacked
by hackers around the globe. The results were billions of
dollars lost in productivity and other substantial damages.
The attacks also compromised sensitive data, eroding trust
between the affected businesses and their clients.
Every single business needs to learn how these
attacks happen and what they can do to prevent them. With
multiple factors involved in why and how these failures
unfold, from simple negligence to campus access issues to
insider threats, security incidents vary in cost depending
on the nature of the flaw that caused them. Businesses may
have some control over the outcome—or none at all.
The strongest defense for modern businesses across
all industries is a deep understanding of the world's most
common security threats and an unwavering commitment
to holistic security.
The Three Largest Security Failure Touchpoints
Regardless of sophistication, almost all cybersecurity
risks stem from one of the following touchpoints: employee
negligence, insider threats, or technology liability.
There are several ways that businesses can address
security at each of these points. Every vulnerability
requires a distinct solution, but it is possible for savvy
businesses to assemble comprehensive defenses.
The Threat of Employee Negligence
In 2018, security incidents caused by negligent employees
cost businesses an average of $283,281. Employees who
are good at their jobs aren't necessarily good at identifying
security risks. Workers can easily expose their employers
to multiple risks that cost large amounts of money and
dedicated productivity to rectify, including by:
• Downloading malware - Through email,
compromised websites, or embedded code in PDFs.
• Dictionary passwords - Creating common
passwords that barely meet security requirements.
• Falling for phishing scams - Through email, direct
communication, or compromised websites.
Dictionary passwords are less common in the modern
workplace due to software and network restrictions that
demand special characters, numbers, and multiple letter
cases in passwords.
Malware and phishing are closely related, as
both involve unwitting employees actively providing
information or downloading files that create a threat.
The results of these errors can be costly, such as the
Pemex ransomware attack that shut down its Mexican
computer center for several days. While Pemex removed
the RYUK ransomware, if it had afflicted more sensitive
computers, the company may have been reduced to a single
option: paying the money that the hackers demanded in
exchange for releasing its computers.
How to Prevent Insider Threats
Insider threats shake down businesses from the inside
out through the intentional actions of current or former
employees or partners. The average insider security threat
is twice as costly as employee negligence: compared to the
$283,281 that negligent employee actions cost businesses
in 2018, malicious attacks from insider threats cost