You can be on Entrepreneur’s cover!

If Cybersecurity Breaches are Inevitable Then What Should Organizations do about it? It's becoming increasingly clear that businesses can't live in the prevention only paradigm anymore. That mindset is simply outdated and out of sync with how businesses today work

By Maxim Frolov

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Shutterstock

There's an inconvenient truth in the business community. As many business decision-makers are only too aware, hardly a week seems to go by without a data breach of some form being reported to press, and this year alone has witnessed some major breaches which have affected thousands of people around the world.

Just take a look at the stats. In October last year, DNA testing firm MyHeritage suffered a breach affecting 92 million people. Fast forward to March this year, and we learnt that the data of 87 million Facebook users had been shared. Then in June, Ticketmaster revealed that the login information, payment data, addresses, names and phone numbers of almost 40,000 people had been breached. And this was followed at the beginning of September, when hackers got into the systems at British Airways, impacting 380,000 transactions.

When they do happen, breaches of all sizes have brutal consequences (even if they are smaller than the examples cited above). Take a look at the retail sector alone – recent studies have shown that 19per cent of consumers would completely stop spending money with a retailer if the business had been breached, and one-in-three (33per cent) agreed they'd at least stop shopping there for a while. Can you imagine what losing 19per cent of your customer base might do to the bottom line? It certainly wouldn't be a pretty sight.

With new regulations such as the GDPR taking hold, fines are also a big fear factor for business leaders. According to reports, Facebook's fine for its part in the Cambridge Analytica scandal could have been 1.4bn in the post-GDPR world – a harsh sum even for a global giant like Facebook to stump up. And for small businesses too, the prospect of paying up to 4per cent of their annual turnover as a fine isn't a fun one.

Where's the Business Case for a Budget?

So, the consequences of a data breach – from fines to financial losses and frustrated or deserting customers – are damaging, unnerving, and can put the businesses involved in jeopardy.

There are several reasons for this, including the fact that security is sometimes lumped into the wider IT budget, that budget is being prioritized for digital, cloud or other IT projects, and due to ignorance on the part of the board. However, the most common reason is that it's hard for CISOs to get budget when they cannot guarantee that their organization will not suffer a breach.

From a business point of view, this might make sense, right? After all, if you are a business leader and concentrating on the bottom line, why would you agree to sink budget into a fight that apparently cannot be won? Sensible business protocol dictates that you should only invest where a return is on the cards.

What Makes Cybersecurity Breaches Unavoidable?

According to our survey results, almost nine-in-ten (86per cent) CISOs believe that breaches are inevitable. So, what's behind this certainty?

Well, most enterprises are on a path towards digital transformation, with over half (52per cent) agreeing that this is the tech trend that will have the biggest impact on the IT security of their organization in the next five years. Digital transformation widens the surface of attack, giving cybercriminals more opportunities to find weaknesses, to creep into systems, and to leak or exploit data. Cloud adoption, the increasing mobility of workforces, and the rise in the use of digital channels are all contributing factors here, increasing the risks.

And this isn't the only factor that CISOs are up against. What if a malicious insider – an employee perhaps – was to single-handedly work against a company, or even combine their efforts with those of an external attacker? To help them through the back door, so to speak?

This sort of threat could be especially difficult to identify and prevent in advance. In fact, it's one of the most feared types of threats among the CISO crowd, with 29per cent of CISOs agreeing this is the biggest IT security risk facing their organization (second only to concerns about financially motivated cybercrime gangs at 40per cent).

And while we're on the topic of financial motivation by the way, if breaching an organization promises to bring substantial gains to the attackers, and those gains exceed the resources they need to organize the attack in the first place, then as far as the criminals are concerned, their efforts are easily justified. They will just keep finding new ways to make their money.

Asking the Right Questions will Lead to the Right Decisions

There seem to be plenty of reasons – outlined above – why the question "can I prevent an attack?' is not the right one for business leaders to be asking. So what is the right question to ask?

Well, if attacks are likely and increasing, the crux of the issue really lies in whether a business can detect an attack quickly enough, and respond comprehensively and quickly enough to minimize its impact.

In other words, it's becoming increasingly clear that businesses can't live in the prevention only paradigm anymore. That mindset is simply outdated and out of sync with how businesses today work. When it comes to targeted, highly elaborated attacks, detection and response should instead be the priority.

It's time to educate business leaders that it's worth investing in cybersecurity. This is not about guaranteeing the complete prevention of cyber incidents, it's about raising the price of attack for attackers. It's about making an attack unaffordable, and not worth their while.

And, more importantly, it's about getting your perimeter and security team ready to immediately address any attempt to interfere with your organizations' network. An average breach costs a large enterprise up to $1.23 million — but if you take the necessary measures, this price will drop to a minimum, or even to nothing at all. Now that sounds like a sensible business decision.

Maxim Frolov

Vice President of Global Sales, Kaspersky Lab

Business Solutions

Grab Microsoft Project Professional 2021 for $20 During This Flash Sale

This small investment is well worth the time it will save your team in organizing and monitoring project work.

News and Trends

IT Firm Happiest Minds Technologies Acquires Macmillan Learning India

The deal will likely be finished by April 30 and will cost INR 4.5 crore.

Business News

James Clear Explains Why the 'Two Minute Rule' Is the Key to Long-Term Habit Building

The hardest step is usually the first one, he says. So make it short.

Science & Technology

AI Will Radically Transform the Workplace — Here's How HR Teams Can Prepare for It

HR intrapreneurs are emerging as key drivers of AI reskilling, thoughtful organizational restructuring and ethical integration, shaping an inclusive future where technology enhances both efficiency and employee development.

Data & Recovery

This File Backup Tool Subscription Is $25 for Life for One Week Only

AOEMI Backupper Professional is designed to protect, store, and transfer user's files for them.

Business News

Microsoft's New AI Can Make Photographs Sing and Talk — and It Already Has the Mona Lisa Lip-Syncing

The VASA-1 AI model was not trained on the Mona Lisa but could animate it anyway.