Why Is Cybersecurity Important?

Abi Tyas Tunggal
Updated Nov 27, 2020
Cybersecurity is important because it encompasses everything that goes into protecting our sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and government and industry information systems from theft and damage attempted by criminals and adversaries.

Cybersecurity risk is increasing, driven by global connectivity and the use of cloud services such as Amazon Web Services to store sensitive data and personal information. Widespread poor configuration of cloud services, combined with increasingly sophisticated cybercriminals, means the risk of your organization suffering a successful cyberattack or data breach is increasing.

Gone are the days of simple firewalls and antivirus software being your only security measures. Executives can no longer leave information security to cybersecurity experts.

Cyber threats can originate from any level of your organization. You need to educate your employees about simple social engineering scams like phishing and more complex cybersecurity attacks like ransomware attacks (think WannaCry) or other malware designed to steal intellectual property or personal data.

GDPR and other laws mean cybersecurity is no longer something businesses of all sizes can ignore. Security incidents regularly affect businesses of all sizes and often cause irreversible reputational damage to the companies involved.

If you’re not yet concerned about cybersecurity, you should be.

What is cybersecurity?
Cybersecurity is the state or process of protecting and recovering computer systems, networks, devices and programs from any type of cyberattack. Cyberattacks pose an increasingly sophisticated and evolving threat to your sensitive data as attackers use new methods based on social engineering and artificial intelligence to bypass traditional security controls.

The fact is, the world is increasingly reliant on technology, and that reliance will continue as we introduce the next generation of smart Internet-enabled devices that access our networks via Bluetooth and Wi-Fi.

Read our full guide to cybersecurity here.

The importance of cybersecurity
The importance of cybersecurity is growing. Fundamentally, our society is more technologically dependent than ever before and there is no sign that this trend will slow down. Personal information that could lead to identity theft is now being posted on our social media accounts. Sensitive information such as social security numbers, credit card information, and bank account information is now stored in cloud storage services such as Dropbox or Google Drive.

The fact is, whether you’re an individual, a small business or a large multinational corporation, you rely on computer systems every day. Combine that with the rise of cloud services, poor cloud security, smartphones, and the Internet of Things (IoT), and we have a host of cybersecurity threats that didn’t exist a few decades ago. We need to understand the difference between cybersecurity and information security, even as the skillsets become more similar.

Governments around the world are paying more attention to cybercrime. GDPR is a good example. It has increased the reputational damage of data breaches by forcing all organizations operating in the EU to:

Communicate data breaches
Appoint a data protection officer
Require user consent to process information
Anonymize data for privacy
The trend toward public disclosure is not limited to Europe. While the United States does not have national privacy breach disclosure oversight laws, all 50 states have privacy laws. Commonalities include:

Require notification to affected parties as soon as possible.
Let the government know as soon as possible
Pay some sort of fine
California was the first state to regulate disclosure of data breaches in 2003, requiring individuals or companies to notify affected parties “promptly” and “immediately upon discovery.” Victims can sue for up to $750 and companies can be fined up to $7,500 per victim.

This has prompted standards bodies like the National Institute of Standards and Technology (NIST) to publish frameworks to help companies understand their security risks, improve cybersecurity measures, and prevent cyberattacks.

Why is cybercrime on the rise?
Information theft is the most expensive and fastest growing segment of cybercrime, largely driven by the increasing exposure of identity information on the web via cloud services. But it’s not the only target. Industrial controls that manage power grids and other infrastructure can be disrupted or destroyed. And identity theft is not the only goal: cyber attacks can also aim to compromise data integrity (destroy or alter data) to create distrust in an organization or government.

Cyber criminals are becoming more sophisticated, changing what they target, how they affect organizations, and their methods of attack for different security systems.

Social engineering remains the easiest form of cyberattack, with ransomware, phishing, and spyware being the easiest form of entry. Third-party vendors and third parties that process your data and have poor cybersecurity practices are another common attack vector, making vendor risk management and third-party risk management all the more important.

According to the Ninth Annual Cost of Cybercrime Study by Accenture and the Ponemon Institute, the average cost of cybercrime to an organization increased by $1.4 million last year to $13.0 million, and the average number of data breaches increased by 11 percent to 145. Information risk management has never been more important.

Data breaches can include financial information such as credit card numbers or bank account information, protected health information (PHI), personally identifiable information (PII), trade secrets, intellectual property and other targets of industrial espionage. Other terms for data breaches include inadvertent disclosure of information, data leaks, cloud leaks, information leaks, or a data breach.

Other factors driving the growth of cybercrime include:

The distributed nature of the Internet
The ability of cybercriminals to attack targets outside their jurisdiction, which makes policing extremely difficult
Increasing profitability and ease of commerce on the dark web
The proliferation of mobile devices and the Internet of Things.
What is the impact of cybercrime?
A lack of focus on cybersecurity can hurt your business in several ways, including:

Economic costs: theft of intellectual property, corporate information, trade disruptions, and costs to repair damaged systems
Reputational costs: loss of consumer trust, loss of current and future customers to competitors, and bad media coverage
Regulatory costs: GDPR and other data protection laws mean your business could suffer fines or sanctions due to cybercrime
All businesses, regardless of size, need to ensure that all employees understand cybersecurity threats and how to mitigate them. This should include regular training and a framework to work with to reduce the risk of data leaks or breaches.

Given the nature of cybercrime and the difficulty in detecting it, it is difficult to understand the direct and indirect costs of many security breaches. This is not to say that the reputational damage of even a small data breach or other security event is not great. If anything, consumers expect more sophisticated cybersecurity measures over time.

Here’s how to protect your business from cybercrime.
There are three simple steps you can take to increase security and reduce the risk of cybercrime:

Educate all levels of your organization about the risks of social engineering and common social engineering scams such as phishing emails and typosquatting.
Invest in tools that limit information leakage, monitor your exposure to and risk from third parties, and continuously scan for data exposure and leaked credentials.
Use technology to reduce costs, such as automatically sending vendor assessment questionnaires as part of a comprehensive cybersecurity risk assessment strategy.
Companies should stop asking why cybersecurity is important and start asking how they can ensure their cybersecurity practices are sufficient to comply with the GDPR and other regulations and to protect the business from sophisticated cyberattacks.

Examples of damages to businesses affected by cyber attacks and data breaches
The number of cyber attacks and data breaches in recent years is staggering, and it’s easy to create a laundry list of household-name companies that have been affected.

Here are a few examples:

Equifax: the Equifax cybercrime identity theft event affected approximately 145.5 million U.S. consumers along with 400,000-44 million Britons and 19,000 Canadians. Equifax shares fell 13% in early trading the day after the breach and numerous lawsuits were filed against Equifax as a result of the breach. Not to mention the reputational damage Equifax suffered. In July 2019, Equifax agreed to a settlement with the FTC that included a $300 million fund for victim compensation, $175 million for states and territories in the settlement, and $100 million for fines.

eBay: between February and March 2014, eBay was the victim of an encrypted password breach, prompting all 145 million users to reset their passwords. Attackers used a small set of employee credentials to access this set of user data. The stolen information included encrypted passwords and other personal information, including names, email addresses, physical addresses, phone numbers and birth dates. The breach was disclosed in May 2014 after a months-long investigation by eBay.

Adult Friend Finder: in October 2016, hackers collected 20 years of data in six databases that included names, email addresses and passwords for the FriendFinder network. The FriendFinder network includes websites such as Adult Friend Finder, Penthouse.com, Cams.com, iCams.com and Stripshow.com. Most of the passwords were only protected by the weak SHA-1 hashing algorithm, which meant that 99% of them had been cracked by the time LeakedSource.com published its analysis of the entire dataset on November 14.

Yahoo: Yahoo announced that a breach by a group of hackers had compromised 1 billion accounts in August 2013. In this case, security questions and answers were also compromised, increasing the risk of identity theft. The breach was reported by Yahoo in December 2016 and forced all affected users to change passwords and re-enter any unencrypted security questions and answers so that they would be encrypted in the future. However, in October of 2017, Yahoo changed the estimate to 3 billion user accounts. An investigation found that users’ passwords in plain text, payment card data and banking information were not stolen. Still, this remains one of the largest data breaches of its kind in history.
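
The Adult Friend Finder item above turns on how passwords were stored. The following is an added example, not code from the original article or from any company it names: it contrasts unsalted SHA-1 with a salted, deliberately slow scheme. PBKDF2-HMAC-SHA256, the 600,000-iteration work factor, the record format and the sample accounts are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def weak_sha1(password: str) -> str:
    """Unsalted SHA-1, the scheme described above. Shown for contrast only."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$digest_hex' with a fresh salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        rounds = int(iterations)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or rounds < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(actual, expected)


def duplicate_digests(records: dict) -> list:
    """Group users whose stored value is identical (reveals shared passwords)."""
    by_digest = {}
    for user, value in records.items():
        by_digest.setdefault(value, []).append(user)
    return sorted(sorted(users) for users in by_digest.values() if len(users) > 1)


# Constructed sample accounts; two users picked the same password.
SAMPLE = {"alice": "summer2016", "bob": "summer2016", "carol": "T4ble-lamp-river"}

if __name__ == "__main__":
    sha1_table = {u: weak_sha1(p) for u, p in SAMPLE.items()}
    kdf_table = {u: hash_password(p) for u, p in SAMPLE.items()}
    print("SHA-1 duplicates:", duplicate_digests(sha1_table))
    print("PBKDF2 duplicates:", duplicate_digests(kdf_table))
    print("verify ok:", verify_password("summer2016", kdf_table["alice"]))
```

With unsalted SHA-1, every account that shares a password stores the same digest, so one recovered password exposes all of them; the per-user salt removes that link and the iteration count raises the cost of each guess.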
