With all the stories in the news of identity theft, data breaches, and compromised sensitive data, it’s no longer necessary to ask, “Why is cybersecurity important?” Instead, the question should be, “Why are any companies NOT taking full cybersecurity measures?” The past few years have seen seemingly endless cyber attacks on private businesses, federal government organizations, and critical U.S. infrastructure. The financial, social, and emotional toll of these phishing attacks, cyber threats, and data breaches reverberate for months and, in some cases, organizations never recover.
All hope is not lost, though. In this article, we discuss key cybersecurity threats and potential risks, how businesses can be protected from potentially devastating attacks, and cybersecurity best practices that you can implement at your organization.
Recent High-Profile Cyber Attacks
The Colonial Pipeline ransomware attack in May 2021 forced a major utility company to proactively freeze its computer systems and shut down its pipeline—one of the largest in the country— effectively halting supply for nearly half of the fuel for the east coast.1 In January 2022, hackers accessed the personal data of more than 500,000 individuals on Red Cross servers. In the same month, more than $33 million in cryptocurrency was stolen when cybercriminals were able to access users’ digital wallets. February saw a highly publicized News Corp breach in which emails were stolen from journalists in a suspected espionage incident.2 The most recent attack was on rideshare company Uber, which compromised the personal data of more than 77,000 Uber employees.3
Heightened Digital Presence Leads to Cybersecurity Concerns
According to a Gartner report, cybersecurity threats become more complex as organizations expand their digital footprints. Cloud-based business processes, hybrid work situations, attacks on companies’ digital supply chains, and increasingly sophisticated ransomware highlight companies’ insufficient technology and the shortage of skilled cybersecurity professionals.4
So, why is cybersecurity important? In our daily digital lives, an astonishing amount of highly sensitive data is collected from a multitude of computer programs, platforms, and devices. This increasing volume of data, coupled with the growing tech-savviness of cyber criminals and cyber-attack methods, make robust cybersecurity essential for all organizations.5
Risks of Poor Cybersecurity
Many risks arise from not having critical infrastructure security, especially for more vulnerable small and medium-sized businesses. The average cost to a U.S. company is $9.44 million per data breach.6 The U.S. National Cyber Security Alliance reported that nearly two-thirds of small businesses hit with a cyber attack close their doors within six months.7
Other consequences of insufficient security measures include:
- Loss of data and intellectual property
- Reduced employee productivity
- Fines for non-compliance with government regulations
- Extortion through ransomware
- Identity theft
- Damage to the company’s reputation
- Class-action lawsuits8
Fortunately, there are many tools and resources available that businesses of all sizes can use to ramp up their cybersecurity efforts quickly.
Benefits of Robust Cybersecurity Measures
When a company implements a cybersecurity plan, it protects its business, customer data, and networks from criminal activity. It also prevents system access by unauthorized users, improves recovery time should a data breach occur, and protects end-users and their devices. Maintaining a secure environment brings the company into compliance with regulatory agencies, ensures business continuity, and enhances its reputation.5
Cybersecurity Best Practices
The U.S. Department of Labor’s Employee Benefits Security Administration discusses cybersecurity best practices for retirement plan providers, but these can apply to all types of businesses. Their recommendations are outlined below.9
Create a comprehensive cybersecurity program
Each company should create a written document that identifies and assesses all cybersecurity risks that could threaten its network security, business assets, and data. The document would also include all guidelines, policies, and procedures implemented under this program to protect IT infrastructure and stored data.9
An effective cybersecurity program must be managed at the highest level and executed by qualified team members. Typically, the chief information security officer (CISO) would establish and maintain the overall strategy and vision; all those involved should have the necessary experience and certifications.9
Conduct annual risk assessments
Since information technology (IT) threats are always evolving, it’s necessary to identify, evaluate, and prioritize cybersecurity risks regularly.9
Develop robust access procedures
Through authentication and authorization, users trying to access a company’s IT systems and sensitive data must prove that a) they are who they claim to be, and b) they’re allowed to access those systems and data. Ideally, each company would use multi-factor authentication (MFA) and regularly review access privileges.9
Audit your security controls
A reliable and independent auditor should regularly assess the company’s security controls, reporting on any vulnerabilities and potential risks for a data breach.9
Review third-party security protocols
Companies regularly use third-party cloud services for data storage, which can limit the organization’s control over that data. All third-party vendors should be properly vetted to ensure that required security measures are in place, with periodic assessments.9
Provide cybersecurity awareness training
Ensure that all employees are aware of cybersecurity best practices and that everyone can recognize potential threats. Training topics should include identity theft, data breaches, risk management for mobile devices, and current trends in gaining unauthorized access to company systems.9
Encrypt all sensitive data
Encrypting data can protect any information that is not intended for the public. Follow accepted standards for encryption keys and message authentication to protect data security and confidentiality.9
Implement a Secure System Development Life Cycle Program (SDLC) program
In an SDLC program, activities such as code reviews, penetration testing, and analysis of computer architecture all play an important role in system development.9
Establish thorough technical controls
Technical controls encompass all hardware, software, and firmware system components. Best practices include keeping everything up to date (including antivirus software), installing firewalls and intrusion detection software, and conducting routine security patching and regular data backups.9
In its cybersecurity plan, each company should also address issues of resilience (incident response, disaster recovery, and business continuity) during and after a cyber attack. This should include a post-incident review after any security risks are found, and operational changes, if necessary, to prevent or mitigate future attacks.9
Key Cybersecurity Applications
The most important cybersecurity applications for a company establishing a cybersecurity program are:
- Firewalls
- Intrusion Detection and Prevention Systems (IDPS)
- Data Loss Prevention (DLP) software
- Anti-virus software
- Identity and Access Management (IAM)
- Network security monitoring
- Role-Based Access Control (RBAC)
- Application security
- Endpoint Detection and Response (EDR)10
Cybersecurity Careers
Assessing a company’s network security systems requires a significant level of expertise, as does setting up and maintaining an effective cybersecurity program. Because of this, companies are deeply invested in finding the right people to protect their valuable data—and paying them well. The need is so vast that there’s an unmet demand for at least 500,000 cybersecurity jobs in the U.S., and 3.5 million jobs globally.11 This growth is not set to slow down anytime soon: employment of information security analysts is projected to grow 33 percent from 2020 to 2030, which is significantly faster than the average for all occupations.12 The diversity of job titles and specializations has also opened doors in healthcare, banking, forensic science, and more.
Be at the Forefront of Cybersecurity with an Online Master’s Degree
If you’re ready to take your cybersecurity career to the next level or get your start in this highly lucrative, in-demand field, consider the top-ranked online Master of Science in Cybersecurity degree from Yeshiva University’s Katz School of Science and Health. This rigorous program, taught by industry professionals and incorporating real-world, hands-on experience, will prepare you to be highly competitive for a position as a cybersecurity professional in less than two years. Talk to an Admissions Advisor today.
1. Retrieved on December 15, 2022, from zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/
2. Retrieved on December 15, 2022, from electric.ai/blog/recent-big-company-data-breaches
3. Retrieved on December 15, 2022, from darkreading.com/attacks-breaches/uber-breached-again-attackers-compromise-third-party-cloud
4. Retrieved on December 15, 2022, from gartner.com/en/articles/7-top-trends-in-cybersecurity-for-2022
5. Retrieved on December 15, 2022, from techtarget.com/searchsecurity/definition/cybersecurity
6. Retrieved on December 15, 2022, from ibm.com/reports/data-breach
7. Retrieved on December 15, 2022, from fundera.com/resources/small-business-cyber-security-statistics
8. Retrieved on December 15, 2022, from roebucktech.com/it-blog/consequences-of-poor-cybersecurity-management-and-how-to-avoid-becoming-a-statistic/
9. Retrieved on December 15, 2022, from dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/best-practices.pdf
10. Retrieved on December 15, 2022, from electric.ai/blog/cyber-security-apps
11. Retrieved on January 12, 2023, from https://cybersecurityventures.com/jobs/
12. Retrieved on January 12, 2023, from www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm