Effectively securing digital assets can be a convoluted task for any organization, and the cost of a security breach can extend beyond that of reputational damage. CRM columnist Kelly Liyakasa recently explored just how costly cybercrime can be for both businesses and their customers.
For example, a data breach at hotel chain Wyndham Worldwide that compromised the financial information of 619,000 customers led to $10.6 million in fraudulent payment card charges. As Liyakasa pointed out, the U.S. Federal Trade Commission charged Wyndham with failure to meet IT security best practices, but the company is not alone in that regard.
Most cybercrime takes the form of malicious code, denial of service, stolen devices and web-based attacks. In addition, the number of identity theft complaints filed with the FTC has gone up significantly from 900,000 in 2006 to 1.8 million in 2011. According to Paul Stephens, director of policy and advocacy at Privacy Rights Clearinghouse, the blame often falls on businesses because they do not take adequate steps to protect consumer data.
An additional challenge is that the overall impact of an incident can vary dramatically depending on the type of organization that was victimized.
"While small companies might be devastated by one instance of cyber theft, larger companies might not even realize they have been attacked for weeks, or even months," Liyakasa wrote. "When businesses are unable to recoup their losses, it can be difficult to estimate damages, the FBI says. Also, some companies do not wish to disclose that their systems and data have been compromised, making it a difficult task to calculate true damage and loss."
Following IT security best practices
Liyakasa also identified the most effective countermeasures for responding to the increase in cyber criminal activity. Because the threat landscape is constantly evolving, it can be beneficial for businesses to form partnerships with security organizations. For example, the Online Trust Alliance publishes guidelines for mitigating current security threats. Cloud hosting services may also include security features such as distributed denial of service (DDoS) protection. Other security practices that stand out, according to Liyakasa, include:
• Email authentication
• Maximizing SSL server security
• Using extended validation certificates
While it is not possible to completely protect against every threat, organizations can drastically reduce the number of vulnerabilities by implementing best practices and actively identifying weak points.
Methods for discovering data breaches
It's important for organizations to be able to respond quickly when an incident does occur, but not all strategies are created equal. Mark Goudie of Verizon recently identified several common strategies for threat discovery and compared their effectiveness. External breach discovery - in which a third party notified an organization of a potential breach - is the second most commonly observed medium for threat identification.
Active internal breach discovery is a method in which organizations use network monitoring, antivirus and other solutions to identify vulnerabilities before they become serious problems. Many experts feel this is the most effective strategy to protect organizations, according to Goudie. However, it remains an underutilized method even among large organizations. Another challenge is the issue of resources. Smaller businesses don't always have the financial power to hire staff with enough expertise and security awareness to implement preventative practices.
For businesses struggling to keep up with evolving security practices and threats, there are options available. Some employee training can protect against many common forms of attacks, such as phishing scams. Cloud hosting providers that offer benefits such as managed SSL certificates and firewalls can lift some of the technological burden off of businesses.