How to Keep Your Business from Being a Juicy Target for Cyber Criminals

October 17, 2015 • Blog Post • By HPE Business Insights Staff Writer


  • A report from The Ponemon Institute, sponsored by HP, found that the cost of cyber crime in the U.S. increased by 20 percent last year - an average of $15.5 million for each of the participating U.S. companies
  • To combat cyber crime and reduce the overall cost of security, Ponemon recommends that CIOs and CISOs emphasize network intelligence, perimeter controls and data encryption

U.S. companies are most targeted in cyberattacks, according to recent Ponemon Institute study

Sometimes there's a downside to having a strong economy: the relative wealth of U.S. companies has made them an especially juicy target for cybercriminals, according to Larry Ponemon, publisher of the Ponemon Institute's 2015 Cost of Cyber Crime Study.

"A lot of the bad guys see more money in the U.S., and therefore more economic value, and more leverage, by committing crime in the U.S.", says Ponemon.

The cost of cyber crime in the U.S. grew by 20 percent last year - an average of $15.5 million for each of the participating U.S. companies. The Ponemon Institute report, sponsored by HP, found that this number is twice as high as Germany's $7.4 million, the second-most expensive country for cyber crime. The Ponemon Institute also assessed the cost of cyber crime in Australia, Brazil, Japan, Russia and the U.K.

How you can improve security

With the proliferation of cloud, mobile and social apps, sensitive information is getting harder to secure. "We know that anytime there's a new technology introduced, things become harder to secure", explains Ponemon. "That being said, the good news is that there are certain enabling security technologies that really seem to make a difference and reduce the overall cost."

There are three main solutions that Ponemon advises CIOs and CISOs to look at:

  1. Network intelligence: Whether with a SIEM (security information and event management) solution or other network security tools, the ability to spot strange activity on your network - and stop it before it spreads - is key. Bottom line, you want as much real-time visibility into your network as possible.
  2. Perimeter controls: In most of the countries included in the report, this was the technology most commonly associated with decreasing the cost of cyber crime. Firewalls of old have evolved to become "smart", and now often include proactive threat intelligence.
  3. Encryption: Employed by the ancient Greeks, this age-old security tactic is seeing new life, thanks to modern computing power. Cryptological solutions like tokenization mean that even when cybercriminals do finally steal some of your data, it will be useless to them. "Most of the bad guys are very lazy attackers, and they move to the next thing rather than try to spend time breaking your encryption code", says Ponemon.

Your people and processes can empower or imperil your security

Regardless of your technology, Ponemon says that time and time again, the "good person who does a stupid thing" is the weakest link in enterprise security. But, he notes, people power is actually one of the best returns on security investment.

"Simply having a person responsible for leading security efforts affects costs in a favorable way", says Ponemon. "Having a steering committee of people across different functional areas in your company for security, again, reduces costs. Making sure that the end users of technologies in your company are adequately trained has a very favorable ROI - and this is something that we saw consistently in all countries."

Because it's more a matter of when your company experiences a security breach rather than if, security leaders should have a breach reaction plan in place and a team to carry out the plan - made up of key people across the organization, from PR to operations. This kind of proactive thinking elevates the conversation from tactical to strategic.

"A security-related problem can impact an organization's strategic positioning", Ponemon explains. "Understanding that, and making sure that your security policy is strategically aligned with business objectives, is the smart thing to do if you want to be seen as a leader in your organization."

Besides crafting a breach response plan, Ponemon says that taking a sandbox approach to security is wise. "In the world we're living in today, the bad guys are really good at what they do, and the days of building perfect prevention - which really never existed - are over. You have to build a technology-based defense that acknowledges that the bad guys will get in, but they'll get in only to a certain place and then you'll be able to stop them very quickly. It's about containment rather than prevention."