When study after study shows a consistent challenge for businesses to onboard cybersecurity holistically, you have to wonder why that is. The reasons vary from lack of expert IT security professionals to go around, to thinking quick fix security solutions can work or be enough to defend against intrusion.
However, one of the biggest reasons that gets less attention lies behind one of the most common questions CEOs have when asked about their security posture; and that question is, “What do I have that anybody would want?”
If a CEO or any business executive thinks they don’t have anything that is worth stealing it is no wonder that they are not inclined to invest in cybersecurity and to take the steps necessary to make cybersecurity part of the business process.
Part of the problem is that when you look at how cybersecurity articles or studies discuss the value of data for cyber criminals they present it in a format that might not catch the eye of a small business CEO or executive; particularly, if they don’t fall within one of the top industries hackers tend to steal from.
For example, it’s been known for quite some time that financial services and healthcare providers hold data that hackers want because they can sell that data on the dark web at a very good price. Every so often you’ll see some article online discussing this. Just recently on Darknetmarkets there was one such article that talked about how data stolen from a clinic in Baltimore (over 43,000 records) were being sold on the dark web at a price of $300 or less than one cent per record.
If a CEO or business executive were to come across this article and they were not a healthcare provider it would probably not catch their attention, yet the data that their business holds for employees and customers is just as valuable, and can lead any cyber criminal to get additional data they need to then bring over all that data and sell it on the dark web.
In addition to making a profit from selling data, cyber criminals also want data for other malicious purposes such as identity theft or political reasons. Since data holds the names and at least some credentials that can be used for any purpose, all businesses types, large and small, hold something of value. Even more concerning is that getting breached isn’t just about the data you need to protect, but it’s also about putting your entire system at risk of shutdown. This means downtime, which means no money is coming through the doors, which is why it’s no surprise that 66% of organizations would likely be unable to recover from a cyberattack (IBM and Ponemon study).
The message here is to make it clear to all businesses and executives that business data is important to a cybercriminal, which means all you need is sensitive information of any employee and/or customer and your business is an automatic target for hackers.
Don’t leave your network unattended, let’s talk about cybersecurity to keep you safe from breach.
Photo courtesy of alexskopje