There are things that business leaders and business owners think about and prioritize. And then there are things that the average employee focuses on. These two categories of concerns aren’t always the same. This is certainly the case when it comes to cybercrime and how to respond to it.
Business owners understand the severity of cybercrime in today’s hostile marketplace. As an employee who is hoping to climb the rungs of the “ladder” and carve out a successful career with upward mobility, it behooves you to think in terms of the things that your bosses care about. This means paying more attention to how you can improve cybersecurity within your own department.
The State of Cybercrime in 2023
Cybercrime is getting worse by the year. And according to Cybercrime Magazine, “If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $8 trillion USD globally in 2023, according to Cybersecurity Ventures — would be the world’s third-largest economy after the U.S. and China, surpassing the wealth of entire nations.”
That quote says it all. This is a huge issue with serious ramifications that must be understood at every level of every business. Cybercrime Magazine goes on to round up some of the latest statistics by explaining:
- Cybercrime costs are expected to grow 15 percent per year over the next three years, scaling to $8 trillion globally in 2023 and $10.5 trillion by 2025. For perspective, costs were just $3 trillion in 2015.
- Cybercrime is now considered one of the top 10 most severe global risks over the course of the next decade. It’s nestled between climate change and involuntary migration on the World Economic Forum’s annual list.
- The average cost of a data breach – which includes lost business, escalation, detection, notification, and the post-breach response – was roughly $4.25 million in 2022. That’s a 2.6 percent year-over-year increase.
We could list dozens more statistics, but you get the idea. Cybercrime is serious – and it’s impacting businesses at every level. The more you understand it, the more you can do to improve your department’s planning and response.
Practical Tips for Improving Your Department’s Approach
As you look for opportunities to improve your approach to cybersecurity within your department, consider these practical tips:
1. Encourage Proper Password Hygiene
There’s no replacement for having strong passwords. While there are certainly complex “backdoor” methods, most bad actors and cyber criminals still prefer to come in through the front door. In other words, they would just as soon compromise a password and log in like anyone else.
One way to reduce the risk of these front door attacks is by encouraging proper password hygiene in your department. Here are several tips:
- Encourage password rules that include a combination of uppercase letters, lowercase letters, numbers, and symbols
- Establish automatic alerts that require users to change their password every 60 to 90 days
- Ask employees to use a password manager to securely store their passwords
- Prohibit employees from accessing business accounts on personal devices
2. Audit All Software Vendors for Security
Anytime you’re thinking about using a new SaaS product or application, take the time to audit the security of these vendors.
“Ask them if they have a third-party service organization control (SOC) report to prove they follow best practices,” Cetaris advises. “Inquire about the types of penetration tests that have been conducted on their products. Ask them if they have tested for the OWASP Top 10 security risks. And, understand what kind of training their team is provided to ensure they understand the safe use of certificates and keys.”
This might seem like overkill, but it’s important. You’ll learn which providers actually prioritize security (versus which ones try to toss in some clever lines in their marketing).
3. Implement Proactive Practices
Deploying advanced monitoring tools and technologies allows departments to detect threats in real time. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) can actively monitor network traffic for suspicious activities, triggering immediate alerts when potential breaches are identified.
The same goes for behavioral analytics, which proactively help businesses identify anomalous patterns in user behavior. Machine learning algorithms can establish a baseline of normal behavior and detect deviations that might indicate unauthorized access or compromised accounts.
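The baseline-and-deviation idea can be shown in a few lines. This is an added example, not code from the original article or from any product it mentions: it uses plain per-user statistics (a usual login-hour window and a z-score on download volume) in place of a machine learning model, and the users, events, field layout and thresholds are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, login hour 0-23, MB downloaded in the session)
HISTORY = [
    ("alice", 9, 120), ("alice", 10, 135), ("alice", 9, 110),
    ("alice", 11, 140), ("alice", 10, 125),
    ("bob", 14, 40), ("bob", 15, 55), ("bob", 13, 45),
    ("bob", 14, 50), ("bob", 16, 60),
]
NEW_EVENTS = [
    ("alice", 10, 130),  # ordinary session
    ("alice", 3, 128),   # normal volume, but at 03:00
    ("bob", 14, 900),    # normal hour, far more data than usual
    ("carol", 9, 20),    # account with no history at all
]

def build_baseline(history):
    """Summarise each user's normal login-hour window and download volume."""
    per_user = defaultdict(lambda: {"hours": [], "mb": []})
    for user, hour, mb in history:
        per_user[user]["hours"].append(hour)
        per_user[user]["mb"].append(mb)
    return {
        user: {
            "hour_min": min(d["hours"]), "hour_max": max(d["hours"]),
            "mb_mean": mean(d["mb"]), "mb_std": pstdev(d["mb"]),
        }
        for user, d in per_user.items()
    }

def score_event(baseline, event, z_threshold=3.0, hour_slack=2):
    """Return the reasons an event deviates from the user's baseline."""
    user, hour, mb = event
    b = baseline.get(user)
    if b is None:
        return ["no_baseline"]  # unknown accounts deserve a look too
    reasons = []
    if hour < b["hour_min"] - hour_slack or hour > b["hour_max"] + hour_slack:
        reasons.append("unusual_hour")
    std = b["mb_std"] or 1.0  # a perfectly flat history would divide by zero
    if abs(mb - b["mb_mean"]) / std > z_threshold:
        reasons.append("unusual_volume")
    return reasons

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in NEW_EVENTS:
        print(ev, score_event(baseline, ev) or "ok")
```

Commercial behavioral analytics tools track many more signals and keep the baseline current as habits change, but the alerts they raise answer the same question: how far is this event from what this user normally does?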
Don’t sit back and wait for things to happen. Get ahead by leveraging the technology that already exists in the cybersecurity market. You may have to convince your upper management to give you support in this area, but these are conversations worth having.
Putting it All Together
There’s no secret recipe for making your department invincible to cyber attacks. (If there were one, don’t you think everyone would be using it?) With that being said, it’s up to your team to implement proactive steps to ensure you don’t become the next victim. That starts today!