Do you think your work related data is safe and beyond the reach of hackers? Do the news headlines on frequent breaches, hacks and heists worry you?
It will be surprising, if your answers to the above questions are not in negative. The reality is that breaches are happening all around us. In this scenario, the question we need to ask is not whether your company’s digital assets will be attacked or not, but how ready you are to face the consequences as and when it happens.
The situation is alarming and the threat seems believable when we put the some statistics into perspective. As per a recent survey conducted by PwC, in 2014 the total number of cyber security incident detected grew by 48% as compared to last year and most of these data breaches happened from within the organisation. Globally, the annual estimated reported average financial loss attributed to cybersecurity incidents was $2.7 million, a jump of 34% over 2013 as per PwC report. These numbers may not tell the full story as many organisations are unaware of attacks, while others do not report detected incidents for strategic reasons. However, the fact of the matter is that breaches are becoming extremely common in today’s connected world and organisations need to prepare urgently to deal with such situations.
Simple acts of an employee’s mobile phone theft or a misplaced office laptop, have the potential to spur a series of complex cyber-attacks. As more and more devices make way to our workplaces and assets move to digital platforms, data breaches need to be assessed not as a threat but as a reality of our times. Today, an attacker does not necessarily need to break into a physical bank vault to rob it, he/she just needs to find a vulnerability in the bank’s digital armour.
Data is the most valuable asset for any organisation and a loss can cause irreparable damage to brand reputation, trust and wealth. From an enterprise perspective, one needs to understand that data is at risk as much within the organisation as from external as well. It is also important to remember that third parties are often source of security risks.
As the saying goes ‘prevention is better than cure’, enterprises need to focus on a prevention strategy against data breaches. The following factors are critical to assess how well-prepared an organisation is:
* Fastness in identifying that your organisation has been breached
* Extent of data loss and assessment of damage results
* Time to recover and get back to business
Security must be built in at every layer of the organisation—hardware, software, and network infrastructure—to ensure end-to-end protection. It is imperative for enterprises and consumers to adopt a streamlined, collaborative and end-to-end approach to data security. In order to mitigate the risks involved with data breaches, enterprises must adopt the following steps:
Data audit: Just like a financial audit of bank accounts, assets, investments are critical to determine an organisation’s well-being, it is equally important to assess and review the most important asset of an organisation—data. But most businesses ignore this key component. The starting point in the data audit process could be analysing data storage points and modes of accessing the same. It is equally important to understand access controls, encryption and other defences. The next step is to make a list of current defences, costs, vendor and technology deployed.
Vulnerability assessment: Organisations must perform security and vulnerability assessments on a regular basis against the entire digital architecture of an organisation. While assessments can be performed internally on an on-going basis, it is also recommended that third parties should be retained periodically to ensure highest standards of coverage.
Diversify assets: Diversification helps to mitigate the impact of attacks and breaches. Just like a sound financial strategy, it is important to diversify an organisation’s digital assets. With due diligence and a robust diversification plan, one can prevent attackers from causing collateral damage.
Breach-up sessions: Just like preparing for the big pitch or a business proposal, a breach is like a high pressure test and an organisation needs to be prepared adequately to handle the situation. Regular mock breach sessions will help develop a ready response to different breach situations.
The writer is managing director, BlackBerry, India