About Cyber Security in Business

Cyber security, in its broadest sense, refers to the application of techniques, protocols, and policies designed to safeguard systems from unauthorized access. The aim of cybersecurity is to protect computers, data, internet networks, and programs from cyberattacks. Cyber-attacks are purposeful, ongoing attempts by hackers to access and compromise computer systems. Terrorists and criminal gangs are always working to discover a security system's most important secrets in order to make it susceptible to ongoing attacks. The possibility of cyberattack has increased along with the number of organizations that are doing business online. Cyberattacks have proven to be extremely harmful to the corporate community, particularly in industrialized countries. Cybercrimes have been found to have damaging effects on trade, competitiveness, and overall global economic growth. Hackers, whose main aim is to cause damage in cyberspace, have ruined the good reputation of several multinational corporations. Corporations lose their intellectual property rights due to cyberattacks, and this has resulted in enormous losses. Cyber-attacks also lower the dividends that come with innovations and inventions, because businesses are unable to maintain their competitive edge. When a company loses personal information, it is at a very high risk of losing its comparative advantage and edge. For instance, in 2013, the United States of America lost 400 million US dollars to cybercrimes. Studies in the United States also revealed that 200,000 American jobs are lost annually in the export sector (Anderson, R., & Barton, C., 2014).

This research paper identifies the cost of defence against cybercrime, the various types of cyber-attacks, and mitigation measures. It takes into account the cost of losing intellectual property, the cost of repairing the tarnished reputation of a company that has been hacked, the cost of securing network systems, and the cost arising from theft of financial assets and other key financial information. Attaining cyber security requires multifaceted coordination of all organs and departments in a system.

Types of Cybercrimes

According to a report by the information security arm of GCHQ (2015), a cyber-attack is carried out in four distinct stages. In the publication, titled Common Cyber Attacks: Reducing the Impact, the first stage involves a survey of all potential organizations or businesses. This stage encompasses a thorough and detailed analysis of the information system in order to identify loopholes and vulnerabilities. The second stage involves delivering a report on the identified weak areas in the system. The point of exploitation is identified with certainty at this level. Next is the breach, where the hackers gain unauthorized access to an information system. The final level is the affect stage, in which the hackers carry out their intended harm to the system. Essentially, all organizations are potential victims of cybercrime. Below are some of the identifiable types of cybercrimes.

Service Interruption

The main aim is to ensure that a computer or a device does not perform its duties optimally. The cybercriminals ensure that the devices record downtime, which results in losses for the organization. This attack also damages the reputation of the organization. Much of this form of attack is carried out by competing firms in a bid to outdo each other. Eventual system failure is the ultimate goal of the hacker, as the rival firm is then able to flourish and overtake its competitors.

Data Exfiltration

The objective of this attack is to access and steal confidential and sensitive information from the target organization. This has been reported as one of the most damaging forms of cyber-attack because its risks to the target firm include theft of intellectual property. Private data and information are exposed to the public by these hackers. This form of cybercrime has been shown to cause loss of financial data and consequent loss of money.

Bad Data Injection

The goal of this attack is to report false information without detection. The hackers access the central data storage centre and make damaging alterations. Large organizations with high data volumes have been targets of this form of cyberattack. The consequences are highly catastrophic for the victim organization. Loss of customers and eventual bankruptcy may occur, especially in the banking sector.

Device Compromise

In this case, hackers gain full control of the system and run it the way they deem fit. This is the worst form of cybercrime. An external individual who is not privy to the organization steals the entire system and reports all forms of damaging information. Access to confidential financial data renders the target organization uncompetitive. Network failures are imminent in this type of attack.

Advanced Persistent Threat

The aim is to gain extended access to a device or a networking system. Third parties are able to control a system from remote and invisible control centres. The hackers can alter the data system without being detected because they can log into the system without being detected. Cyber attacks are hitting users at an alarming rate. As indicated by the Kaspersky Security Bulletin for 2015, more than one in three client personal computers encountered an attack while users were online during that year. Given the number of PC clients around the world, that is an amazing figure. This shows the rampant rate of attacks which are projected to rise every year.

According to the Ponemon Institute Report (2013), cyber crimes are a constant cost burden to organizations. The research, carried out on a representative sample of 60 leading US firms, had the following findings. The cost of cyber crime is increasing every year as more businesses go online. The report points out that on average $11.6 million was lost in the United States in 2013. This was an increase from the previous year, which had reported an annualized cost of $809 million. The companies under study reported 122 successful attacks every week. The report points out that the most detrimental cyber attacks are web-based attacks and denial of service. The research was duplicated in other countries such as France, Germany, the United Kingdom, Japan and Australia, culminating in a sample of 234 organizations. The report found the lowest number of cyber attack cases in Australia and the highest in the United States. This shows that cyber crime differs between countries, but the common types were duplicated in almost all the countries sampled. The global report had the following findings.

All organizations fall victim to cyber crimes, but at different levels. Industries in the banking, manufacturing and service sectors all reported cyber attacks. Organizations in the banking and energy sectors reported the highest number of attacks. The common attacks are denial of service, which includes downtime, and web-based attacks. They account for more than 60 percent of the attacks in cyberspace. According to the report, there is a positive relationship between the size of a firm and its annual losses as a result of cyber attacks. There is also a positive correlation between the time taken to resolve an attack and the cost to the company. For instance, attacks which take more time to be detected wreak more havoc than those identified in their early stages. Recovery from attacks and detection of anomalies have been identified as the most significant costs in cyber warfare. Recovery and detection accounted for 50 per cent of the total internal cost annually. Budgetary allocations relating to IT activities and network security are the highest. This reveals the cost of combating cyber attacks. The report also points out that the deployment of security intelligence systems and a strong security posture greatly alleviates the cost of combating cyber attacks. Similar findings are published in a report by Detica Limited (2013) in the United Kingdom. The findings report cyber crime to be a national issue which should be given more attention. The estimated loss in the UK as a result of cyber attacks is 27 Billion Euros annually. Cyber attacks take place in the following ways:

Identity theft. The attackers have been reported to obtain personal information and use it to open fake bank accounts, which they use to get mortgages and loans. The victims are not aware until they are confronted for default.

Online scams are also on the increase, where cyber criminals trick innocent citizens into buying into their fake deals. Individuals are also fooled into giving away private information, such as their credit card details, which ends up under the control of the fraudsters.

Scareware. Fraudulent individuals mislead users into downloading software which causes more harm than good to their computer systems. Mostly the scareware comes in the form of an antivirus, which they use to gain access to the system.

IP theft has been identified as one of the most dominant forms of cyber attack. It is mostly sponsored by rival companies in order to steal ideas, trade secrets, and process data and information.

Other forms of cyber attack published in the report include industrial espionage, mostly used by rival organizations to gain access to key information such as the bid price before the release of a new product. Fiscal fraud has also been widely used in tax evasion in the UK. This has compressed public expenditure on development projects. Online stealing of revenue has been largely reported in the UK. Cases of extortion, where companies have been held to ransom, have resulted in the loss of billions. Customer data loss as a result of cyber attacks has greatly damaged the reputation of many organizations and led to loss of customer confidence. Cyber criminals mostly target high-value intellectual property, key company information, and bulk business data to cause damage and achieve their ill-advised goals (Gai, K., Qiu, M., & Elnagdy, S. A. 2016).

The Cost of Defence and Mitigation against Cyber Attack.

Averting digital criminal attacks is the most basic aspect of the battle against cybercrime. All clients should be mindful of the threats posed by hackers before sharing information or transacting any business online. Appropriate security precautions are the best guard against cybercrime. Each individual in the organizational system must know about the dangers of cyber-crimes, and ought to be trained on the accepted procedures to follow in order to reduce vulnerability to attacks and consequently moderate the dangers. The costs of defense against cyber-attack are both direct and indirect. The direct costs include the cost of detecting a cyber-attack, the cost of investigating the nature of the attack, the containment cost, the cost of recovering from the digital assault, and the ex post response cost. Indirect costs include information theft or loss, business disruptions such as downtime, equipment damage and revenue loss. The process of making all and sundry aware of the dangers posed by hackers also comes at a cost to the organization.

The normal direct expenses involved when there is a breach of security are in the region of $40,000, according to the Kaspersky Lab report. This incorporates the expenses of downtime, lost business prospects and the expert charges for the professionals that small companies contract to alleviate the security breach. The examination demonstrates that, overall, small ventures can expect to pay $10,000 in professional fees following a cyber attack. These charges can incorporate the hiring of IT security advisors, risk administration experts, lawyers, physical security specialists, inspectors and accountants. Other than the expert fees, the examination gauges that cyber attacks cost organizations $5,000 in lost business opportunities and $23,000 in downtime. In addition to the immediate costs, large companies encounter various indirect costs following a security breach. The examination found that big organizations spend, largely, $8,000 attempting to avert similar occurrences in future. This incorporates hiring new staff, training current employees and making IT framework upgrades. Most organizations likewise endure reputational impacts after an assault. The research gauges that the reputational harm of a security breach could cost small companies $8,653.

A study conducted by Vince, Bridget et al. (2011) identifies investing in computer security and protection measures as a paramount undertaking in any institution. Any organization ought to put resources into security hardware and strategies to deter or counteract digital assaults. These incorporate the most up-to-date IT security measures, for instance, having the organization's database on a different server than the application server, applying the most recent security patches, maintaining strict information approval, developing system security engineering, and monitoring the activities and methodology of third-party access to the system. All these preventive security measures are a cost to the organization.

According to the Ponemon Institute Report (2016), detection, investigation, containment and recovery from a cyber attack is a significant internal cost in any organization. The Global Report points out that some attacks take more time to recover from, hence the high cost. The cost of upgrading a system in order to avert future related attacks is another significant expenditure. The cost of business interruption incorporates lessened employee efficiency and business process failures in the wake of a digital attack; this has been observed to contribute 36 percent of the cost on average in any organization. Revenue loss and hardware damage follow at 20 percent and 4 percent of the total cost of cybersecurity respectively. Companies and organizations also spend significant amounts on the detection of cyber attacks. The detection process incorporates IT experts who have to be paid by the organization. This mostly happens when the company's security department is unable to detect an attack.

Education and training of personnel come at a very high cost. However, this being a key precautionary measure, expenditure on training of all workers is inevitable. All employees must be made aware of security procedures in the system. Ignorance can be fatal to an organization and therefore the emphasis on training of all staff is a critical preventive measure. While end-user training and accreditation are basic to tackling the present attack on computer systems, it is imperative that associations of all sizes keep on investing in preparing and affirmation for the general population particularly in charge of developing and keeping up a safe system. Very regularly, associations that do send their IT staff for training are sending that staff to classes where they can learn the modern state of art security procedures (Kramer, 2017).

Changes in organizational structures put a company at a higher risk of attack, for instance in cases of mergers or adoption of some new technology. Such developments can increase the danger of disgruntled and careless workers; subsequently, acquisitions should trigger organizations to be watchful and to maintain a strategic approach to digital attacks. This calls for increased expenditure in the security department, which comes as an unanticipated operational cost to the organization. In the findings, the higher the expenditure on security, the lower the risk of cyber attacks (Tomner, 2012).

Stockwell emphasizes the assertion by Kramer (2017) that a comprehensive system should be put in place so as to avoid data breaches. Stockwell advocates for encryption in data security. The encryption should ensure that third-party users are vetted, data retrieval should be restricted to authorized personnel, and a policy should be put in place within an organization to ensure that all access is approved. This, however, is a form of indirect cost which has to be incurred by any organization which is ready to safeguard the health of its system.

Conclusion

All the findings and research discussed above coalesce into a common focal point: cyber security is a fundamental issue in any organization. Cyber security has developed as one of the basic issues of the present time; nobody is debating this. What keeps challenging organizations is that cyber-attacks are evolving every day. However, the escalation in cybercrimes can as well be attributed to reluctance in investing in cyber security, the use of old and outdated techniques in combating cyber-attacks, and a lack of well-trained personnel to counteract cybercrimes. Another deterrent to winning the cybercrime war is that the public still perceives cyber-attacks to be a problem for the IT savvy. They need to be made aware that every individual should declare total war. For an organization to qualify as cyber secure, it has to foresee the possible security breaches prior to engaging in any business, and it should employ mechanisms to thwart data loss, which has been identified to have a huge cost implication; this can be achieved through data backups. In addition, the firm should be aware of all insider threats, protect its system against third-party risks, and invest in the security department to avoid huge losses, which would otherwise damage the organization's reputation.

Preventive measures are significantly less costly than curative procedures. It is prudent for an organization to adopt cost-lessening preventive measures rather than waiting for the imminent damaging attack. Moving forward, cyber security should be everyone's responsibility. Constant training in order to identify the various sources of loopholes should be made a priority.

References

Ponemon Institute. (2013). 2013 Cost of Cyber Crime Study: United States. Traverse City, Michigan 49629 USA: Ponemon Press.

Ponemon Institute. (2016). 2016 Cost of Cyber Crime Study: United States. Traverse City, Michigan 49629 USA: Ponemon Press.

Kramer, J. (2017, June 27). A Culture of Cybersecurity: The Only Way Forward. Retrieved from http://www.cyberdefensemagazine.com/wp-content/uploads/2016/10/A-Culture-of-Cybersecurity.pdf

Detica Limited. (2013). The Cost of Cyber Crime. Guilford: Guilford Surrey.

Namestnikov, Y. (2015). Kaspersky Security Bulletin 2015.

Anderson, R., & Barton, C. (2014). Net Losses: Estimating the Global Cost of Cyber Crime. Washington: New York Press.

Stockwell, T. M. (2012). Defending Against Data Breach. Silver Street Ashland, USA.

Tomner, T. (2012). The biggest cybersecurity threats of 2013. Forbes Magazine.

Farhat, V., McCarthy, B., & Raysman, R., Holland & Knight LLP. (2011). Cyber Attacks: Prevention and Proactive Responses. New York, NY 10017: New York Press.

Gai, K., Qiu, M., & Elnagdy, S. A. (2016, April). A novel secure big data cyber incident analytics framework for cloud-based cybersecurity insurance. In Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC), and IEEE International Conference on Intelligent Data and Security (IDS), 2016 IEEE 2nd International Conference on (pp. 171-176). IEEE.

March 02, 2023