February 13, 2018 | Written by: Steve Sedowski
Categorized: Cognitive Computing
Ransomware Carnage Cost Billions in 2017.1
Overall Monetary Damage Caused by Cyber Crime May Reach $6 Trillion per Year by 2021.2
174,402,528 Data Breaches* Occurred in 2017.3
Most IT security professionals know the above statistics and have read many more. All of these hazards can negatively affect a company’s operations, financial condition, and/or liquidity. These same individuals are also aware of how difficult it is to protect against every type of data breach.
Given the plethora and complexity of software applications and apps with the inherent challenges to secure all of their functionality, the availability of packaged exploit programs that the seemingly growing number of script kiddies unleash, the continual threat of hackers, growing insider threats, and all the other lurking cybersecurity hazards, it is very difficult if not impossible to nullify any and all IT security threats. Thus, the shocking truth about cybersecurity threats is that, whether maliciously intentional or innocently accidental, cybersecurity breaches WILL happen and companies within the travel and transportation industry are not immune.
Cybersecurity Breaches Will Happen
Knowing that it is not “if” a breach will occur, but rather “when”, people in charge of an enterprise’s IT security program need to be in a position to act effectively when this type of situation arises. That is, when a breach does occur, these people will want to not be chasing chaos or reacting to it, but rather, have the knowledge and tools to repair any damage done and recover as soon as possible from the cybersecurity violation.
Proper Security Programs Take Time to Implement
There are many plans or stratagems that can be utilized to minimize or eliminate any resulting chaos and deal with a cybersecurity breach systematically. However, preparation is the key. Given this, preparing for a security breach will take time. How much time? It is probably more than most people are aware of….
When there is a security breach at an enterprise, a password change throughout the company is usually the number-one activity that must occur. The preparation time necessary to build a process that can handle such a task and execute properly can take a large organization 3- to 6-months. That is a lot of prep time. And this is just one exercise to ready for a cybersecurity breach.
More Actions to Strengthen Reactions
Another activity is penetration testing. Cyber criminals are performing penetration tests. Are you? Test and test often.
One more exercise is to gather threat intelligence to better grasp the current security risks and anticipate looming and emerging threats. Add cognitive capabilities and your company can have access to millions of ingested security-related documents and incidents to learn from.
Another step is to have a properly constructed and documented overall security strategy and planning program to assess how your company’s security procedures meet business risk mitigation objectives and define methods to align your security program to business requirements and industry standards (i.e. regulations).
The above correlates well with bolstering your company’s security operations center (SOC), or if it does not have one, establishing one either on-premise or off-premise.
All of these actions will help tremendously when responding to the inevitable cybersecurity attacks and incidents that will impact companies across the travel and transportation industry. If your company is deficient in its cybersecurity program or is looking to improve, wait no longer. Act now to free your company from the anxiety and disturbance caused by a sub-par security program.
1. Morgan, Steve. “Ransomware Damages Rise 15X in 2 Years to Hit $5 Billion in 2017.” CSO Online, CSO, 23 May 2017, www.csoonline.com/article/3197582/leadership-management/ransomware-damages-rise-15x-in-2-years-to-hit-5-billion-in-2017.html.
2. Morgan, Steve. “Top 5 cybersecurity facts, figures and statistics for 2018.” CSO Online, CSO, 23 Jan. 2018, www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics.html.
*”The ITRC defines a data breach as an incident in which an individual name plus a Social Security number, driver’s license number, medical record, or financial record (credit/debit cards included) is potentially put at risk because of exposure. This exposure can occur either electronically or in paper format.”2