You probably received at least one notice from a retailer or financial institution with which you do business advising that some of your personal data had been compromised.
Sony experienced major data breaches related to its online games. The Pentagon, the FBI, and major organizations have been attacked.
Do you know what it costs to notify customers following a data breach in compliance with the law and to manage the overall effect of the breach? In 2010, the average organizational cost of a data breach was $7.2 million, and breaches cost companies an average of $214 per compromised record, according to information supplied to us by our carriers.
Data breach is only one of the exposures faced by companies as a result of their presence in cyberspace. An obvious risk for companies that depend on their websites to produce revenue, such as online retailers, is business interruption.
Another risk is copyright infringement. Those who develop content for websites seem to have a poor understanding of this risk, as infringement is very common on websites.
Yet another risk is libel claims from people or businesses who claim that they were unfairly disparaged in a posting placed on a social network site by a representative of the company.
Thinking this through, any competent risk professional will quickly conclude that every company in America is facing significant cyber and related risks. These risks are not being adequately evaluated, managed, and insured by most companies.
A recently conducted survey revealed that 73 percent of corporations do not purchase special insurance for these risks.
How are you approaching the identification and evaluation of these risks? Do you understand that standard insurance programs at best cover only some of the risks?
Contact us for a no-cost evaluation of your risk.
========================
Protecting Your Business from Cyber Threats
By Ilya Leybovich
Increasing computerization of production methods and greater reliance on digital data systems have made cyber security a significant concern for manufacturers. How can businesses deal with the new wave of cyber threats?
Incorporating information technology (IT) systems and infrastructure into day-to-day operations allows manufacturers to access and distribute data more efficiently, helping them make sound business decisions and improve their companies' competitiveness. However, the advantages conferred by networked data systems and information-sharing technology also increase the risk of data theft, hacking, virus infection and other cyber-security threats.
For this reason, companies are beefing up their digital defenses to protect themselves from the latest cyber hazards.
"In past years, plants haven't worried about cyber security because they didn't connect to the outside world," Automation World acknowledges. "New data systems have changed that for most plants. [S]oftware and devices share data, and where data is shared, there is always the possibility of a breach."
The complexity and variety of cyber-security threats can be daunting, particularly due to the rapid rate at which new risks develop as well as the increasingly sophisticated methods of cyber criminals. According to the recently released Cisco 2009 Mid-Year Security Report, cyber criminals "are aggressively collaborating, selling each other their wares and developing expertise in specific tactics and technologies. Specialization makes it tougher to shut down illegal activity, because there are many players in this ecosystem."
Loss, theft or interception of sensitive business data is among the largest cyber threats for commercial and industrial enterprises. A study from the Ponemon Institute found that the average cost of a data breach in 2008 was $202 per customer record. The information security firm also determined that breaches cost U.S. companies an average of $6.7 million and that the expense has continued to rise, increasing by 38 percent between 2004 and 2008.
Among the major data-breach incidents recorded in its database, the Open Security Foundation reports that 48 percent derive from businesses. Sixty-five percent of security violations are perpetrated by external sources, while 30 percent come from within the company, either accidentally or maliciously.
How can manufacturers protect their businesses from the proliferation of cyber threats?
Although there is no single comprehensive defense strategy capable of shielding every type of company, Manufacturing Business Technology recommends taking a "defense-in-depth" approach for protecting industrial assets. This method entails both physical and electronic defense layers at separate manufacturing levels coupled with effective security policies designed to meet a variety of threats.
Security policy development requires a consistent plan involving "physical and electronic procedures that define and constrain behaviors by personnel and components within the manufacturing system," but without introducing excessive restrictions. This can mean building a resilient network infrastructure to provide information to necessary sources while limiting widespread access, or evaluating the risk potential of how data is used and deployed within the company.
Manufacturing Business Technology also suggests "computer hardening," which relies on IT best practices to shield computers from danger. The hardening process includes replacing direct Internet access with a "barrier zone" to secure shared data and service, enforcing tougher password and terminal access settings, uninstalling any components or protocols unnecessary for performing manufacturing tasks and implementing antivirus and antispyware programs.
Similarly, "controller hardening" may be used to better protect machinery and production equipment controls from tampering. This involves the use of authentication and authorization programs to verify a user's identity, electronic safety features to prevent configuration changes and physical restriction of access to sensitive devices.
Depending on a business's size, however, some security measures may not be practical or even necessary. Microsoft's Small Business Center offers the following tips for small-business owners to protect themselves from cyber threats:
Set up your defenses;
Stay abreast of the threat;
Encrypt everything;
Get help from your employees;
Don't store credit card numbers;
Buy a shredder — and use it;
Mind your mobile devices;
Run your updates;
Research your Internet service provider; and
Know what to do when it happens.
In addition, the Better Business Bureau recommends that managers tell their employees the following:
Not to open e-mail from unknown sources;
What to do when they receive suspicious e-mail (when in doubt, delete!);
To disconnect from the Internet when not online;
To consider the risks of file-sharing;
How to perform data back-up procedures; and
Actions to take if their computers become infected.
Regardless of a company's size or the scale of threats to which it may be exposed, implementing and maintaining a thorough cyber-security policy is a crucial step in succeeding in today's increasingly online business community.