Anyone monitoring the news over the past year could attest to the growing persistence and severity of cybercrime. However, some might still be surprised that the U.S. Director of National Intelligence has placed the threat at the top of the list for national security dangers.
All hands on deck
Help Net Security reported that a recent study co-sponsored by PricewaterhouseCoopers, CSO magazine, the CERT Division of the Software Engineering Institute at Carnegie Mellon University, and the U.S. Secret Service revealed that companies are ill-prepared to combat evolving and increasing cyberattacks. The report offered the following statistics about the frequency of these incidents:
- About three-quarters of respondents indicated they experienced a security event within the past year.
- Over one-third reported the number of security incidents had risen over the same time period.
- Nearly 60 percent said they were more concerned about cybersecurity threats now than last year.
- The average number of attacks during the year was 139 per organization.
- More than two-thirds of those who suffered an incident were unable to estimate the financial impact.
- Those who could place an estimate put monetary loss at an average of $415,000 annually.
"Cybercriminals evolve their tactics very rapidly, and the repercussions of cybercrime are overwhelming for any single organization to combat alone. It's imperative that private and public organizations collaborate to combat cybercrime and gain intelligence about security threats and how to respond to them. A united response will prove to be an indispensable tool in advancing the state of cybersecurity," said David Burg, PwC's Global and U.S. Advisory Cybersecurity Leader, according to the source.
The news source added that the U.S. Director of National Intelligence identified cybercrime as a bigger national security threat than terrorism, espionage, and weapons of mass destruction
Despite the complexity and sophistication of cyberattacks, organizations can - and must - take measures to prevent their systems from being compromised. The source offered the following areas to focus on:
- Take a strategic approach to spending for security, investing in both people and processes.
- Evaluate the security capabilities of third-parties, such as secure file transfer vendors.
- Work with partners and other organizations on security and threat awareness.
- Mitigate insider threats.
- Improve employee training to deter behaviors that leave systems vulnerable.
- Implement robust security protocols for mobile devices and BYOD policies.
As one piece of a comprehensive security plan, companies can implement secure file sharing tools that are easy for employees to use and uphold best practices for encryption and other data protection measures. For example, to reduce the chance of insider threats, organizations can maintain central control over corporate resources so access can be modified if necessary, such as when a worker is leaving the business.