Today kicks off Security and Information Management Focus Week at Tech Data, where we’re focusing on ways to keep your business and your clients’ business protected from cyber threats. We’re doing this by educating our team members about cyber security trends and solutions.
Some of the information we’re sharing with your team includes how cyber security is showing rapid growth overall as the volume of threats has increased exponentially over the past few years.
For instance, International Data Corporation (IDC) forecasts worldwide revenues for security-related hardware, software, and services will grow to $101.6 billion by 2020. Compared to 2016 revenues of $73.7 billion, this represents a compound annual growth rate (CAGR) of 8.3%, which is more than twice the rate of overall IT spending growth.
While these statistics vary within industries, healthcare tops the charts as the largest predicted spend at 10.3% CAGR. Three other industries of vital interest include financial services, energy/infrastructure, and retail. Cyber criminals do not discriminate. Whether our customer is the consumer or a business, we’re all vulnerable.
Three Trends to Look For
Three trends dominating the cyber security industry over the next year or so—and which we’ve already seen gain momentum—are more sophisticated threats/attacks, a need for skilled resources, and cyber security insurance.
More Sophisticated Breach Attempts
If we look back 25 years, our threats were worms that slowed down our computers. Ten years ago, denial of service attacks were surfacing, emails were being hacked and spyware was prevalent.
In 2010, Stuxnet, a piece of malware, crippled nuclear programs in Iran and Indonesia. Today, with the explosion of devices and Internet of Everything (IoT), Distributed Denial of Service (DDoS) attacks are now a factor. We need to secure smart consumer and medical wearables such as pacemakers and insulin pumps.
One of the most notable progressions recently is ransomware. In the first quarter of 2016 alone, there have been more strains released than in the past eight years combined. Now that cyber criminals can access Ransomware-as-a-Service (RaaS), the odds of a ransomware attack are higher.
The strains have evolved from simply encrypting files and giving the decryption key to those who pay the ransom, to strains where the only way to get files back is by sending the malware to two people, and to strains that threaten to publish the files publicly if the victim doesn’t pay the ransom.
Scarcity of Skilled Cyber Security Personnel
As ransomware is now a $1 billion business, and attacks from nation states are becoming more common, deploying highly skilled cyber security human capital is paramount. Since computers often run our daily lives and we rely on the Internet, protecting your business and your customers’ business should be a top priority. Cyber security certificate and degree programs are being added to university-level curricula to help fill this void.
In the state of Florida, the 2013 Florida State Legislature approved a plan to create an organization, FC2, designed to position Florida as a national leader in cyber security through education, research, and community outreach. The FC2 curriculum is in all 12 state universities, helping to incubate a highly-trained cyber security workforce.
Hedging Against Risk with Cyber Security Insurance
Insurance companies are now issuing standalone policies, designed to mitigate the loss from cyber incidents, to help businesses in the event of a breach. It is impossible for policies to cover every possible incident as the threat landscape evolves quickly.
But according to the Department of Homeland Security, typical policies cover “costs arising from data destruction and/or theft, extortion demands, hacking, denial of service attacks, crisis management activity related to data breaches, and legal claims for defamation, fraud, and privacy violations.” Few policies actually cover the physical damage that could result from a successful cyber attack against critical infrastructure.
Larger organizations are early adopters of cyber security insurance, and even some insurance companies, like AIG, have started offering policies for individuals. As the risk of a breach becomes greater, more companies will begin purchasing policies since the cost of a data breach typically puts an SMB out of business. According to Ponemon Institute, the average cost per record is $217. If a business has 5,000 records, the estimated expense is more than $1 million.
One thing that insurance cannot mitigate is reputation. If a cyber criminal compromises a company’s network and leaks client data, insurance cannot make this disappear. Unless you’re a giant corporation, the odds of the brand and company surviving a breach are small.
Three Takeaways to Consider Today
Here are three key ways you can put these trends to work for your business:
Educate Your Workforce, and Your Clients
So many times, human error is the culprit behind a breach. Training on the basics and what to look for to identify phishing scams can reduce the risk of a breach to a network. Accomplishing this can be daunting. You may ask yourself, "How can I educate my staff or my customers when I’m not an expert?" There are security awareness services from companies such as KnowBe4 which include training material, simulations and tests to ensure your efforts are working. You can add these services to your offerings at minimal cost.
Leverage Security Assessments
Security assessments help you identify vulnerabilities and enable your clients to make an informed decision on which security technologies to invest in. In light of tight budgets, you’ll need to work with your clients to make sure they have the security coverage they need the most.
Use the security assessment to help identify gaps in an IT environment, decide how to proceed, and build policies to minimize breaches. It can be a great way to have a conversation with a customer about their current security practices and for you to help them fortify current efforts.
Have a Contingency Plan
This not only covers flood, fire or natural disaster, but also a cyber attack. If one of your clients is compromised by ransomware, do you have a plan and know exactly who to call and what to do? Most important is having a point of contact to make decisions. Is it a resource in your client’s organization or yours? Also, part of the plan is backup and recovery. Be sure that your backup source is off site and not connected to the production environment. This way, the backup source can’t be compromised even if the network is.
And don’t forget to test your backup! You don’t want to find out you can’t restore from a backup when you’ve lost all your data.
Lastly, consider information lifecycle management principles with data classification and setting policies in accordance with the type of data. Having all of these plans in place can help reduce the impact of a breach. This, in conjunction with a contingency plan, is the best way to be prepared. Any company (or person) is vulnerable.
As you are having conversations with your customers, I urge you to ask them about their cyber security plans and education programs. No one is immune from a cyber attack. For more information, contact a member of the Tech Data Security and Information Management team today at 800-237-8931, ext. 73246.