Data is a valuable asset – and it comes in a variety of types, from customer data to business documents and intellectual property.
The value of this data has not gone unnoticed by the criminal element of society and businesses often go to great lengths to protect their digital records.
In fact, an entire industry has sprung up to mitigate the risk that hackers present. For example, there’s security software that can be purchased, while consultants and experts are available to assess your systems and train your team about the importance of cyber security – encryption, strong passwords and mobile security are just some of the lessons to be learned.
Research from PriceWaterhouseCoopers (PWC) found that in 2015, there have been 38 per cent more security incidents than were detected in 2014, while theft of “hard intellectual property” increased 56 per cent this year.
However, when managing the risks involved with cyber security, it’s not just the hackers you need to worry about. PWC’s research found that employees remain the most cited source of compromised security, while incidents attributed to business partners have climbed to 22 per cent.
In recent months, there have been a number of stories in the news about big businesses and how their data has been compromised by other means. Let’s look at a couple of examples:
British Gas – More than 2,000 British Gas customers saw their details posted online in October. However, the energy provider said that it did not believe the breach was a result of the company’s own security problems.
An email to customers explained: “[‘¦] There has been no breach of our secure data storage systems, so none of your payment data, such as bank account or credit card details, have been at risk.”
The company explained that it encrypts and stores all data securely. “From our investigations, we are confident that the information which appeared online did not come from British Gas,” it added.
According to the Guardian, if the customer details didn’t come directly from British Gas, they could have been pieced together from other data breaches. For example, scammers may have tested for email addresses and passwords that were re-used across multiple accounts. Or they could have been obtained through a phishing campaign that targeted British Gas customers.
Marks and Spencer – The department store had to temporarily suspend its website back in October after a technical problem led to logged-in customers being able to see other customers’ data. The retailer said that its website was not hacked by outside third parties, and there is no security risk for affected customers.
In a statement, M&S explained: “Due to a technical issue we temporarily suspended our website [‘¦] This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers. We apologise to customers for any inconvenience caused.”
What are the risks?
Whether an organisation suffers a data breach following an attack by hackers, or other means, the risks are still significant, ranging from a decrease in customer trust, through to legal liabilities. When it comes to intellectual property being compromised, it could lead to serious financial repercussions too.
For example, the 2014 hack at Sony Pictures, the entertainment company was threatened with terrorist attacks if they continued with the release of The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un. Various cinema companies refused to show the film and Sony opted for a limited release, mainly distributing it for home media instead.
Dealing with cyber risks
In order to reduce the threat of cyber security risks, businesses are investing in a number of core safeguards to better defend against threats.
PWC’s research indicates that nearly a quarter of companies surveyed (24 per cent) have boosted their security budgets in 2015, and the result has been a five per cent decrease in financial losses from 2014 to 2015. What measures do these organisations have in place?
- An overall information security policy.
- Employee training and awareness programmes.
- Security baselines/standards for third parties.
- CISO or CSO in charge of security.
- Threat assessments.
- Active monitoring and analysis of security intelligence.
Here at JCAD, our CORE software has been designed to help customers manage a variety of risks. To find out more, contact us today.