Whenever a company suffers a headline-grabbing data breach, its reputation takes a serious blow. If you’re a big company, evidence suggests the impact is short-lived. But if you’re a small company doing business with large partners, it could be a different story. Retail giant Target saw its sales decline after suffering a breach in 2013 that compromised payment card information of 110 million customers, but one year later the company’s sales had increased. In a March 2015 article, Fortune magazine reported that breaches cost big companies “shockingly little.” Citing a study by Benjamin Dean, a fellow at Columbia University’s School of International and Public Affairs, Fortune reported that breach-related expenses cost Sony, Target and Home Depot “less than 1 percent of each company’s annual revenues” after suffering major cyber attacks. Even though the study measured revenue, there is a correlation to reputation. If customers abandoned a company in droves after it suffered a breach, the impact wouldn’t be this low.
Traditional cybersecurity approaches revolve around building a defensive posture. Cybercriminals come up with new, inventive ways to break into networks, and cybersecurity professionals scramble to stop them.
But what if you flipped this approach on its head? What if rather than a defensive approach, you went on the offensive? Is that even possible?
Ransomware discussions mostly revolve around protection against attacks, but how should we view an attack in the context of regulatory compliance?
The cloud’s greatest appeal is productivity. When executed properly, cloud investments produce productivity gains that permeate multiple aspects of the business – even less obvious ones.
BYOD is no longer a what-if. Judging from various studies, adoption of “bring your own device” policies has become commonplace, with upwards of 70 percent of businesses embracing this approach. But how well are those devices secured?
There’s a moment in every POS transaction when data collected from payment cards is at its most vulnerable. It’s the moment when the cardholder’s name, card number, expiration date and security code sit unencrypted in the POS system’s memory. If malware is present in the POS system, it can capture and transmit the cardholder information to a cybercriminal somewhere.
While organizations tend to view cybersecurity risks from an outside-in perspective, the reality is insider threats account for more than 50 percent of security breaches. Employee actions, whether malicious or inadvertent, pose a serious risk that companies cannot ignore.