Why is Cybersecurity Important?

What is cybersecurity?

Cybersecurity is the state or process of protecting and recovering computer systems, networks, devices, and programs from any type of cyber attack. Cyber attacks are an increasingly sophisticated and evolving danger to your sensitive data, as attackers employ new methods powered by social engineering and artificial intelligence to circumvent traditional security controls. 

The fact of the matter is the world is increasingly reliant on technology and this reliance will continue as we introduce the next generation of smart Internet-enabled devices that have access to our networks via Bluetooth and Wi-Fi. 

The importance of cybersecurity

Cybersecurity's importance is on the rise. Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like social security numbers, credit card information and bank account details are now stored in cloud storage services like Dropbox or Google Drive.

The fact of the matter is whether you are an individual, small business or large multinational, you rely on computer systems every day. 

Governments around the world are bringing more attention to cybercrimes. GDPR is a great example. It has increased the reputational damage of data breaches by forcing all organizations that operate in the EU to:

• Communicate data breaches
• Appoint a data-protection officer
• Require user consent to process information
• Anonymize data for privacy

The trend towards public disclosure is not limited to Europe. While there are no national laws overseeing data breach disclosure in the United States, there are data breach laws in all 50 states. Commonalities include: 

• The requirement to notify those affect as soon as possible
• Let the government know as soon as possible
• Pay some sort of fine

California was the first state to regulate data breach disclosures in 2003, requiring persons or businesses to notify those affected "without reasonable delay" and "immediately following discovery". Victims can sue for up to $750 and companies can be fined up to $7,500 per victim.

This has driven standards boards like the National Institute of Standards and Technology (NIST) to release frameworks to help organizations understand their security risks, improve cybersecurity measures and prevent cyber attacks.

What is the impact of cybercrime?

A lack of focus on cybersecurity can damage your business in range of ways including:

• Economic costs: Theft of intellectual property, corporate information, disruption in trading and the cost of repairing damaged systems
• Reputational costs: Loss of consumer trust, loss of current and future customers to competitors and poor media coverage
• Regulatory costs: GDPR and other data breach laws mean that your organization could suffer from regulatory fines or sanctions as a result of cybercrimes

How to protect your organization against cybercrime?

There are three simple steps you can take you increase security and reduce risk of cybercrime:

1. Educate all levels of your organization about the risks of social engineering and common social engineering scams like phishing emails and typosquatting
2. Invest in tools that limit information loss, monitor your third-party risk and fourth-party vendor risk and continuously scan for data exposure and leak credentials
3. Use technology to reduce costs like automatically sending out vendor assessment questionnaires as part of an overall cyber security risk assessment strategy

Companies should no longer be asking why is cybersecurity important, but how can I ensure my organization's cybersecurity practices are sufficient to comply with GDPR and other regulation and to protect my business against sophisticated cyber attacks.

Examples of damages to companies affected by cyber attacks and data breaches

The amount of cyber attacks and data breaches in the recent years is staggering and it's easy to produce a laundry list of companies who are household names that have been affected.

Here's a few examples: 

• Equifax: The Equifax cybercrime identity theft event affected approximately 145.5 million U.S. consumers along with 400,000-44 million British residents and 19,000 Canadian residents. Equifax shares dropped 13% in early trading the day after the breach and numerous lawsuits were filed against Equifax as a result of the breach. Not to mention the reputational damage that Equifax suffered. On July 22 2019, Equifax agreed to a settlement with the FTC which included a $300 million fund for victim compensation, $175m for states and territories in the agreement and $100 million in fines.
• eBay: Between February and March 2014, eBay was the victim of a breach of encrypted passwords, which resulted in asking all of its 145 million users to reset their password. Attackers used a small set of employee credentials to access this trove of user data. The stolen information included encrypted passwords and other personal information, including names, e-mail addresses, physical addresses, phone numbers and dates of birth. The breach was disclosed in May 2014, after a month-long investigation by eBay.
• Adult Friend Finder: In October 2016, hackers collected 20 years of data on six databases that included names, email addresses and passwords for The FriendFinder Network. The FriendFinder Network includes websites like Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com. Most of the passwords were protected only by the weak SHA-1 hashing algorithm, which meant that 99% of them had been cracked by the time LeakedSource.com published its analysis of the entire data set on November 14.
• Yahoo: Yahoo disclosed that a breach in August 2013 by a group of hackers had compromised 1 billion accounts. In this instance, security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo on December 14, 2016, and forced all affected users to change passwords, and to reenter any unencrypted security questions and answers to make them encrypted in the future. However, by October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation revealed that users' passwords in clear text, payment card data and bank information were not stolen. Nonetheless, this remains one of the largest data breaches of this type in history.