Cybercrime is estimated to cost the global economy $450 billion annually, a figure that rivals the global illicit drug trade. Impressive on its own, the cost of cybercrime at the business level is equally sobering, with one report suggesting that the average cost to businesses of cyber crime is now $7.7 million.
Steve Durbin, Managing Director of the Information Security Forum (ISF), recently contributed an article to CSO about the need to move beyond cyber security in order to address cybercrime. Current control mechanisms are unable to keep pace with the growing impact that cybercrime has on organizations. As a result, businesses are more likely to "suffer embarrassing incidents" that could have a longer term impact.
“Cybercrime, along with the increase in hacktivism, the increase in cost of compliance to deal with the uptick in regulatory requirements coupled with the relentless advances in technology against a backdrop of under investment in security departments, can all combine to cause the perfect storm. Moving forward, if the C-Suite doesn’t understand cyberspace, they will either take on more risk than they would knowingly accept, or miss opportunities to further their strategic business objectives such as increasing customer engagement or market leadership."
No organization is immune from cyber attacks or data breaches. But much can be done to improve security posture to lower the number of attacks, detect attacks more quickly and reduce the impact of security incidents. Durbin notes that the standard security posture—managing and controlling known risks—is limited in addressing the rapidly changing risk landscape. Instead, organizations must look to cyber resilience.
"Cyber resilience anticipates a degree of uncertainty: it’s difficult to undertake completely comprehensive risk assessments about participation in cyberspace. Cyber resilience also recognises the challenges in keeping pace with, or anticipating, the increasingly sophisticated threats from malspace. It encompasses the need for a prepared and comprehensive rapid-response capability, as organizations will be subject to cyber-attacks regardless of their best efforts to protect themselves.”
We have previously shared some of our own thoughts on the importance of resiliency in data security. In today's security landscape, adaptability is a key differentiator. Be prepared for changing threat conditions, and maintain the ability to recover from disruptions. Resilient organizations are those who will be able to quickly remediate a security incident before it becomes a data breach. They will also be able to detect security incidents through automated alerts, and have plans in place to quickly respond.
A report earlier this year suggested that up to 80% of connected endpoint devices in organizations are vulnerable to malicious attack. Another report by PwC suggested that exploited mobile devices account for one-third of cyber security incidents. Clearly, creating resiliency on the endpoint will help you to better manage cyber threats.
Absolute provides unprecedented visibility into the endpoint and the data it contains. The Endpoint Data Discovery (EDD) feature of Absolute DDS 6 allows you to see where your sensitive data is, at any time, on or off the network. Thanks to automated alerts and remote capabilities supported with Absolute persistence technology, you can maintain oversight over your endpoints: check the status of security software, receive alerts for unusual user or device activity, and lock down or wipe devices that are deemed to be at risk. Thanks to automated alerts and a persistent connection to devices, coupled with our incident response services, you can remediate security incidents - often before they become a full-scale data breach. To learn more, visit Absolute.com