Cyber Security Incident Management

After 11 data breaches[i] that occurred in the past few years, it is necessary to look at why it happened, and how companies can protect themselves. The cost of such a breach to a big company can run into millions. In fact, the cost to Anthem is estimated to be more than $100 million. You may think that because you’re a small business or a small company, it may not affect you. But you will be wrong. According to Forbes[ii], 70% of firms report a cyber security incident. Hackers don’t care how big or small you are. This is why you have to have a Cyber Security Incident Management system in place.

The goal of the hacker could be one of three things:

He just wants access so that he can “take over” the website. In some cases, just to show off. He makes his own first page that replaces yours. He does this out of spite, and just to say: “Look at me, look how clever I am!”

The second goal may be to redirect your traffic to another website. Here, it may take longer for you to find out what’s been done. It may take months, or you may just have to shut down your business because you think there’s no-one interested in your business or your products.

The third goal is to steal your customers, your data, or payment information of your customers.

How does the hacker do these things?

Hackers can intentionally break your defenses by guessing passwords. It is therefore imperative that you have good passwords and that you change them often. Sometimes a hacker accesses passwords through sending phishing emails, or by stealing a laptop.

What does a hacker gain from hacking?

He gains valuable assets: intellectual property, personal data like names, addresses, dates of birth, credit card or banking information or other sensitive business information. Sometimes they just like to block you and ask you to give them money to unblock you. A hacker may also hack for a cause by taking over a website and creating a page or redirecting to a cause. This is known as hacktivism.

Another example is the election, where hacking was the norm to expose the parties and show fraud and other damaging secrets. You can see the far-reaching impact stealing or exposing information can be.

As information is your most valuable asset, it will be very prudent to protect it. Just think what you have that could be valuable to someone else. It could be your personnel or customer data, intellectual property, banking information, pictures or correspondence. This is why any business is a target. A data breach is very costly, and there are immediate costs in clean up and investigation. In fact, Azgad Security makes more money cleaning up the mess a hacker has left than they do in prevention. Preventing a cyber-attack is much cheaper than cleaning up after an attack.

Far worse, though, is the long term costs a cyber-attack leaves behind:

  1. You may lose your IP and need to obtain a new one.
  2. Your customers may lose faith in you and you need to gain their trust back.
  3. Your brand reputation may suffer
  4. Your income may suffer

There exists an “underground” or “Dark” internet where people trade in all kinds of information. There is a hidden network where goods and services of illicit nature is sold, and it is completely anonymous. Some estimate the size of this network to be 500 times bigger than the normal internet you and I use.

It is fair to say that business leaders aren’t aware of the magnitude of this problem and that they are not prepared. Ideally you need a manager whose focus is on security issues, and who can stop attacks when they happen. Most small to medium sized businesses are not able to afford such a manager.

The solution is to hire a security team who monitors your website in real time. Azgad Security monitors your website 24/7 and stops attacks as they happen. They install software on your website that alerts them as soon as hackers start attempting to hack. It is surprisingly affordable.

You owe it to your customers or clients and your employees to look into it further.

[i] http://www.bankrate.com/finance/banking/us-data-breaches-1.aspx

[ii] https://www.forbes.com/sites/kimberlywhitler/2017/02/11/70-of-firms-report-a-cyber-security-incident-why-marketers-should-care/#869c79c30062