Intelligent CISO Issue 03 | Page 75

Good cybersecurity practice does not hinder productivity. Ultimately, it enables it.
sense of exactly what the final recovery bill would be.
Perhaps the most notable quality of NotPetya was that even if its victims paid up (which, once again, I do not recommend), they could not get their data back. The ransomware was written without a working victim ID: the "installation key" it displayed was random data that could not be tied to the encryption key, so not even its controllers could decrypt the files.
Of course, this is an extreme example. Our respondents were far more likely to be the victims of smaller-scale attacks, costing them a smaller amount, but the point stands that much of this kind of global havoc, and the hundreds of millions in lost revenue, hinged on the poor security practices of many. Including, most notably, a simple failure to patch the SMBv1 vulnerability exploited by EternalBlue, which was used in both cases and for which Microsoft had issued a fix (MS17-010) in March 2017, months before either outbreak.
Don't get me wrong, the 23% who reported reputational damage as a direct result of poor security behaviour is nothing to sniff at. PwC's 2016 Global Economic Crime Survey labelled it the most damaging impact of a breach. Avid Life Media felt that sting particularly keenly after the well-publicised breach of Ashley Madison, its online dating service for married people, forced the CEO out and prompted the company to rebrand entirely (as Ruby Corp).
While the 21% who complained of legal and compliance penalties were the least populous of the three groups, they were also the most heavily taxed for their failures. The average monetary loss for our respondents was US$4.2 million, but those that had to face a court case or hear the heavy hand of the regulator at their door lost an average of US$11 million.
The regulator's hand can indeed be heavy. And it will now be heavier still.
The EU's General Data Protection Regulation (GDPR) came into effect on 25 May 2018 and overhauls data protection regulation across Europe, applying not just to organisations based there but to anyone who processes the personal data of people in the EU.

It introduces a whole new raft of obligations, including breach-notification requirements (a qualifying breach must be reported to the supervisory authority within 72 hours) and, importantly, a set of baseline security measures. Should a company or organisation fall short of those requirements, it faces punitive fines of up to €20 million or four percent of global annual turnover (and this is important), whichever is higher. That US$11 million figure may soon be dwarfed.
There are a variety of good technical solutions to nip these problems in the bud, but your workforce will always be your first and best line of defence. Making sure they know how to spot a phishing email, which is still the main attack vector for so many campaigns, will be the difference between a smooth-running business and a paralysed one.
That has to be upstairs as much as down. For some, there is a reigning idea that cybersecurity is merely a roadblock to an efficient workflow. Workforces find it cumbersome to work around blocked applications, and C-suite executives don't want to bother with long, complicated passwords. We know that the reverse is true: cybersecurity is as much a part of business continuity planning as anything else. Communicating that is an uphill battle, but a decisive one in the war against insecurity.