Craig McDonald 18 April 2018 11:22:48 AEST

Cybersecurity - don’t learn about it the hard way


It’s my mission, both as an entrepreneur and a communicator, to help businesses protect themselves from cybercrime.

The cost to companies from cyber-attacks is growing at an alarming rate at the moment. Part of that problem is that there are still senior decision-makers in companies who don’t understand the devastating impact cybercrime can have on a business.

There are new stories of financial ruin and heartache appearing in the media every month, it seems, and although these cybercrime disaster stories are disturbing they can serve as a valuable lesson to other businesspeople.

Even massive corporations are not immune from cyber-attack and their security failures are a reminder about the importance of cybersecurity vigilance.



Equifax


In May 2017 one of the biggest financial services companies in the US had its data storage infiltrated and, at the time of writing, the fallout from the incident is still landing.

Cybercriminals took advantage of unresolved weaknesses in Equifax’s security systems to steal their data which included the detailed financial records of millions of private citizens.

Hundreds of millions of people have now had their personal financial data publicly exposed as a result of the Equifax breach, not only in the US but across the rest of the world.

A report on the Equifax breach by Wired stated that “it would have been simple for an attacker to exploit the flaw and get into the (Equifax) system. Once they identified Equifax's systems as vulnerable, actually exploiting the vulnerability to gain access to the Equifax servers and network will, unfortunately, have been relatively easy.”

Equifax postponed announcing the breach for months after the incident, waiting until September 2017 to notify their customers. Following the delayed announcement shares in the company plunged by 25%.

In November last year, Equifax issued a report estimating the immediate losses sustained by the company as a result of their data breach at US$75 million. The ongoing financial harm the company could sustain is hard to calculate, but any realistic estimate would need to factor in reputational harm and future litigation costs that could continue for decades.



Uber


Uber’s data breach late last year was a powerful reminder of the way even very big companies can be shaken by cyber-attacks if they fail to implement good security policy.

According to news sources Uber paid a ransom of US$100 thousand to hackers who stole their data to keep them from going public. That is quite a lot of money, but in the months following the revelation of the data-breach cover-up Uber is estimated to have suffered around US$1.5 billion in collateral losses in terms of reputation, company value and revenue.

Uber’s clumsy handling of their 2017 incident launched them down a rough road where they had to deal with the immediate consequences of a massive data breach and a public relations meltdown as well.

One of Uber’s biggest problems was their lack of transparency around the hack.

Uber was attacked and compromised by cybercriminals - that’s a big problem - but their response to the incident was to try and hide it, which actually made the situation worse.

Litigation and legal wrangling around the Uber breach continues.

 

Facebook


The ubiquitous blue-paged giant is the latest mega-company to have their reputation tainted by a cybersecurity scandal that is unravelling in the media right now.

Facebook has now confirmed that nearly 90 million of its users may have been compromised in a massive data breach allegedly initiated by the notorious political marketing firm Cambridge Analytica.

According to a report from News.com.au, Facebook is making sweeping changes to its platform in reaction to the accusations of impropriety on its part.

Facebook will now restrict access for third-party apps to their users’ events, as well as “information about ‘groups’ such as member lists and content.”

The News.com.au report also stated that Facebook is “removing the option to search for users by entering a phone number or an email address,” because “while this helped individuals find friends who may have a common name... businesses that had phone or email information on customers were able to collect profile information this way.”



Reputation is worth protecting


The harm your business could sustain from a cyber-attack goes far beyond the immediate financial damage caused to computer systems and lost productivity.

A company builds a relationship of trust with its customers and partners over years or even decades. What price would you attach to the good reputation of your business?

Learning the value of cybersecurity the hard way, through a damaging data-breach, isn’t necessary. As a CEO, protecting your company from a cyber-attack scenario like the ones suffered by Facebook, Uber or Equifax doesn’t require a big investment, just a modicum of forethought and basic self-education.

 

Understanding cybersecurity 


If you would like to learn more about the complex cybersecurity challenges facing business today, please download my e-book Surviving the Rise of Cybercrime. It’s a plain English handbook explaining the most common cyber-threats and it provides essential guidance on managing business risk in the online sphere.

Rob Sloan, Cybersecurity Research Director at Wall Street Journal, said this about my book:

“Cybercrime is a serious and growing business risk. Building an effective cybersecurity culture within an organisation requires directors and executives to lead by example. Surviving the Rise of Cybercrime is a must-read for directors and executives across business and in government and provides strong foundations for leaders determined to address cyber risk.”

Download your copy of Surviving the Rise of Cybercrime for free, here.

 

Hi, I’m Craig McDonald; MailGuard CEO, founder of GlobalGuard and cybersecurity writer.

Follow me on social media to keep up with the latest developments in cybersecurity and Blockchain; I'm active on LinkedIn and Twitter. 
I’d really value your input and comments so please join the conversation.