The cost of cybercrime goes far beyond the actual money invested in detecting, responding to, and recovering from an attack. It includes the loss of data, productivity, money, and even reputation. It can even strike so hard that it forces an organization to close its doors.
The situation has been getting worse year after year. In 2015, the World Economic Forum estimated the cost of cybercrime to be $3 trillion worldwide. Today, Cybersecurity Ventures predicts that it will grow by 15 percent every year for the next five years, reaching $10.5 trillion by 2025, a rise of almost $7 trillion in just 10 years.
Not only are hackers running one of the most lucrative “businesses,” but they also face close to zero chance of being discovered and prosecuted, according to the World Economic Forum.
These numbers only mean that organizations (private or public, small or large) are not taking action to prepare themselves for a cyber-attack. During the first six months of 2021, it became more evident than ever before. We have seen how the Colonial Pipeline suffered a major attack that shut down the gas supply for the East Coast of our country, how the NBA lost over 500 GB of confidential data on the Houston Rockets, and how The Steamship Authority of Massachusetts ferry fell victim to a ransomware attack that affected its logistics and services.
How Can Organizations Mitigate the Risks?
The solution here is not to fear cyber-attacks but to make your organization cyber-resilient. Anyone who works in cybersecurity must acknowledge, and help their management team understand, that the risk of falling victim to hackers is always there. You need to have a plan in place that will enable business continuity while responding to and recovering from the attack, lowering the actual impact and cost of cybercrime in your organization.
Also, there are a few industry best practices that every organization should apply to help minimize the risks of attacks:
The first thing you need to do is provide regular security training for your workforce. They need to be able to spot a suspicious website or email and even identify a device that might be compromised. They need to know what to do, who to call, and how to react to an attempt against their data security.
You also need to encrypt as much data as possible, create an identity and access policy that restricts which users have access to sensitive data, and update and patch software regularly. Most importantly, you have to be proactive and constantly strengthen your security measures.
These practices can help save your organization.