blog

Five Things Organizations Should Consider for Smarter Cyber Security

By 29 October 2015 No Comments

Cyber security has resurfaced as a hot topic in today’s business world amid the recent surge in cyberattacks on public and private organizations as well as individuals. The rise and increasing sophistication of cybercrime is forcing organizations to take a long hard look at their existing cyber security strategy. With more organizations adopting hyper connected technology and attempting to collect and analyze more end-user data, now is the ideal time to consider new ways for bolstering data and network infrastructure against evolving threats.

Below is a list of five important things organizations need to consider in implementing a smarter cyber defense strategy.

  1. Every organization has weak points

What’s the easiest way for hackers to access your data? What could they potentially target and what would they attempt to steal? Cyber criminals look for gaps to exploit and business leaders must know what those gaps are in order to develop an effective cyber strategy. For most organizations, these weak points include insecure passwords, lack of encryption, broken authentication and session management and uninformed staff who don’t know how to identify and respond to malware and other threats.

  1. Big data can be used to fight cybercrime

We live in a hyper connected landscape where billions of devices are connected to the internet. This trend is expected to intensify over the next five years as up to 50 billion devices connect to mobile and Wi-Fi networks. In this environment, organizations need to know more about their data and networks in order to protect their information. Big data analytics – the tools and resources for analyzing massive volumes of structured and unstructured data – can accomplish just that. Big data analytics can provide your organization with real-time, automated analysis of your entire network activity, helping you identify existing and potential threats.[1]

  1. Your risks aren’t just external

Cyber security isn’t just about safeguarding your IT infrastructure from external threats, but also on training staff to keep a lid on sensitive information. Regardless of your industry or company size, your organization must set appropriate use guidelines for accessing sensitive information, using mobile networks and devices and connecting to a shared drive while off-premise. Although it’s usually unintentional, staff play a large role in exposing their company to dangerous risks. Mentoring staff about managing sensitive data, safeguarding personal passwords and avoiding unsecure Wi-Fi networks

  1. The cost of not defending yourself is massive

Business leaders are often concerned about what it would cost to implement a full-fledged cyber security strategy without reflecting on how much it would cost if their organization was compromised. According to a recent study, cybercrime accounts for 0.17% of Canada’s GDP, which is on par with the United Kingdom but much lower than many G20 partners.[2] What’s more, cyber breaches increase customer churn (i.e. the loss of customers) by nearly 4 percent.[3] Good cyber security has simply become a cost of doing business and is essential in acquiring and retaining customers. Without it, your organization is lacking an essential part of providing a good customer service experience.

  1. Cyber security is a holistic approach

Cybercrime doesn’t just target large corporations and data-sensitive government departments, but midmarket companies and startups of all sizes.[4] To protect themselves, organizations must approach cyber security holistically rather than view it simply as an IT problem. Organizations need to understand how evolving threats can impact their entire information ecosystem. This extends far beyond sensitive information to include critical infrastructures such as utilities, power grids, government services, transportation systems, telecommunications, healthcare and financial services, among others.

By approaching cyber security holistically, organizations can better detect potential vulnerabilities before a serious threat emerges. In the 21st century, cyber security must be ingrained in organizational culture, including educating your workforce and sharing responsibility for keeping your organization cyber safe.

 

The age of hyper connectivity has made cyber awareness important from the perspective of business processes as well as critical infrastructures. Cyber security not only safeguards the commercial integrity of businesses, but protects the effective functioning of Canada as a whole, including infrastructure and services essential to health, safety, security and economic well-being.

ICTC is currently undertaking a study in partnership with Public Safety Canada that examines the impact of cybercrime on critical infrastructures and prepares small- and medium-sized enterprises (SMEs) to effectively manage their cyber security strategy. To participate in this timely study or learn more about how you can get involved, contact Sam Bourgi (s.bourgi@ictc-ctic.ca).

[1] Teradata (October 7, 2015). “Big Data: Your Ally In Cyber Security.” Forbes.

[2] McAfee (2014). Net Losses: Estimating the Global Cost of Cybercrime.

[3] PricewaterhouseCoopers. Cyberattacks on the rise: Are private companies doing enough to protect themselves?

[4] PricewaterhouseCoopers. Cyberattacks on the rise: Are private companies doing enough to protect themselves?