For your organization and others alike, its bottom-line growth is understandably priority number one. But as you’re likely well aware, the growing cyber threat landscape means more risks to organizations’ bottom lines are emerging every day. And while creating a sound cybersecurity strategy can seem overwhelming to teams low on resources, time, or talent, bad data management can be far more detrimental in the long run for an organization looking to grow. The following six risks pose the biggest threat to your organization’s continued growth and deserve your security team’s attention moving forward. And the good news is – many of these risks can be addressed methodically, with the help of trusted partners, to bolster your cybersecurity where you need it most and strengthen it over time.
1. Cyberattacks
Every day, cyberattacks are becoming more frequent, sophisticated, and damaging. Whether hackers choose to invade an organization’s network by taking advantage of an unpatched zero-day vulnerability, deliver a dangerous payload to halt their operations, or intercept network traffic to steal data, if that organization isn’t prepared for such an attack, its bottom line can take a serious hit.
Cybercriminals’ use of malware, and specifically ransomware, has seen a dramatic uptick since the beginning of the pandemic. According to SonicWall’s 2022 Cyber Threat Report, 623.3 million ransomware attacks were recorded in 2021, marking more than a 100% increase from the year before and more than a 300% increase from 2019. Furthermore, evidence suggests that both ransom demands and ransom payments are trending in the same direction. According to an update of Palo Alto Network’s 2021 Unit 42 Ransomware Threat Report, the average ransom demand has skyrocketed to $5.3 million, and the average cost of a ransom payment has risen to a staggering $570,000. The payment of a large ransom, the cost of halting business operations, and any harm the malware may have inflicted on an organization’s systems can all dramatically affect that organization’s bottom line, and if any sensitive data was compromised, the bill can soar even higher.
2. Unprotected Data
While a cyberattack in and of itself can be incredibly detrimental and costly, as we alluded to, when an organization’s sensitive data is stolen or otherwise compromised as a result, their bottom line can take an even larger hit. According to IBM’s 2021 Cost of a Data Breach Report, the average cost of a breach rose by 10% compared to 2020, now sitting at $4.24 million per breach.
Leaving your organization susceptible to a breach can exacerbate the fallout of an already costly cyberattack. For example, while a ransom payment may only cost an organization $570, 000, that figure does not account for costs associated with the suspension of business operations, the reinstatement of systems, investigation costs, and perhaps most importantly, compliance fines. In reality, the total average cost of a ransomware attack comes out to a whopping $4.62 million. While cyber insurance can help to cover some of these damages, ultimately, taking steps to protect your organization’s data before a breach ever happens is the most important factor in avoiding a breach’s unanticipated costs.
3. Human Error
When organizations take steps to protect their data against breaches, more often than not, they mistakenly prioritize protecting against outsider threats first. And while breaches are certainly prone to occurring because of an outsider with malicious intentions, insider threats and accidents can sometimes be overlooked. Egress’ 2021 Insider Data Breach Survey found that an overwhelming 94% of organizations experienced an insider data breach in the previous 12 months and 84% of organizations experienced a security incident because of an employee mistake.
Considering the average breach now costs organizations $4.24 million, it should go without saying that protecting against insider threats like human error is just as if not far more important than protecting against purposeful external attacks. Organizations can begin to combat human error by securing the way their employees share its data. Ensuring your organization’s sensitive data is encrypted in transit and can only be opened, read, modified, and forwarded by those with specific permissions is key to avoiding an accidental, yet just as costly data breach.
Related reading: Secure Data Sharing Solves These 3 Cybersecurity Challenges
4. A Flat Network
Because human error is now such a prominent source of data breaches, granting employees too much access to your organization’s network can be incredibly dangerous. According to Verizon’s 2021 Data Breach Investigations Report, the use of stolen employee credentials was present in a quarter of all breaches in the previous 12 months. When an employee whose credentials have been stolen has full or close-to-full network access, a hacker will have the same level of access while posing as that employee.
A way for organizations to begin combating this risk is to properly segment their network. Rather than the organization’s various network components all depending on a singular perimeter defense system, segmenting the network into several smaller sub-networks will only allow employees (or any bad actor posing as an employee) to have the least amount of access necessary. Although the goal of addressing security risks is to prevent a breach before one ever occurs, if and when one does occur, organizations can take advantage of a segmented network to limit the impact of the breach and quickly contain the threat.
Related reading: Why and How to Implement Zero Trust Architecture via Layered Security
5. Undertrained Employees
A lack of employee training is consistently one of the biggest contributors to breaches that occur as a result of human error, and a lack of training can show itself in several ways. Most pertinently, employees have shown themselves to be susceptible to social engineering attacks, and a bit more specifically, phishing attacks. A 2021 report by AtlasVPN indicated that social engineering attacks were responsible for the most organizational data breaches (14%) in 2020. Furthermore, PhishLabs’ most recent Quarterly Threat Trends & Intelligence Report found phishing site volume increased by 28% in 2021, among other concerning statistics.
A lack of comprehensive, consistent, and engaging training can also lead to bad password hygiene, password theft, or even accidental data breaches like those discussed earlier. Proper employee training, on the other hand, can help to mitigate phishing and other social engineering attacks when implemented according to best practices. Unfortunately, organizations often neglect security training, and will sometimes even fail to create and enforce data security policies and procedures for employees to follow in the first place.
6. A False Sense of Security
For the most part, all of the data security risks discussed up to this point are fixable by implementing concrete changes within your organization. Unprotected data and external threats like hackers can be accounted for by implementing data security solutions that integrate with your software and workflows. Undertrained employees and human error within an organization often go hand-in-hand and can be addressed by creating a thorough set of corporate data security policies and taking a more frequent and engaging approach to employee training. Even an outdated network security model can be updated to fall in line with best practices.
Having a false sense of security, though, is perhaps an even more dangerous risk to organizations’ security because fixing it requires a change in philosophy from the top down. If an organization’s c-level executives maintain an “it will never happen to us” mindset— “it” referring to a major security incident—other security risks may not appear to be risks at all. Evidence suggests that nearly 8 in 10 consumers decide which organizations to do business with based on their reputation for information security, and because it only takes a single data breach to leave an organization’s reputation and bottom line severely damaged, changing your organization’s security mindset for the better is well worth the time and effort even if it isn’t an easy fix.
