Your customers expect you to be a security partner, but do you know these six things?
Though small and medium-sized businesses (SMBs) are closing some of the gaps that used to make them more vulnerable to cyberattacks than large companies, there is still lots of room for improvement for everyone. Information security continues to be at the forefront of IT initiatives and technology spending for enterprises, and they need help from you to find the best options for their circumstances. Are you well-positioned and well-informed enough to be able to have an intelligent data security conversation? Do you know how trends have shifted along with recent changes to the ways we work? If not, keep reading for some surprising new research about the state of cybersecurity.
Cybersecurity: A Perennial Issue for Business
Marc Emmer with the leadership coaching group Vistage reports that an unbelievable 86% of companies were subject to a successful cyberattack in 2021. Whether just one record was lost or millions, I think we can all agree that’s way too common.
Even as technologies like automation and document management improve our ability to combat cyberthreats, new strategies and threat actors emerge constantly to thwart companies’ efforts. Security experts with Cisco indicate that crypto mining, phishing, ransomware, and Trojans are the most common security attacks, noting “These four threat types represented internet queries of around 100 million each month, whereas the next dozen threat types average about 10% of that.” Most attacks are intended either to interrupt business operations in order to gain a financial reward (an attack typically called ransomware) or to steal sensitive data that can later be resold on the dark web. Unfortunately, it still takes companies 287 days on average to identify a breach and get it contained, leaving data exposed for almost 10 months.
No wonder Gartner forecasts security spending to rise to $172 billion in 2022, up from $155 billion last year.
Surprising Security Statistics
Data security has been an issue since the moment we first connected computer systems across the World Wide Web. Though the benefits of the internet far outweigh the potential downsides for most companies, cybersecurity remains a moving target that requires new money and new resources on an almost constant basis. Though the technologies we sell can help protect information, few among us would claim to be security experts. The following six security facts may surprise you:
Unmanaged Files are Vulnerable … and There Are a Lot of Them
As document management resellers, we know a lot about managing company files and information, and enterprise content management (ECM) is one technology designed to aid businesses in both organizing and protecting sensitive data. Yet vulnerabilities remain. Varonis reports that 2/3 of companies have at least 1,000 sensitive files open to every employee—a problem that would take an IT administrator 6-8 hours to manually correct for each folder with global access permissions! Despite our best efforts, system access remains a problem as well. Forty-three percent of all cloud identities are abandoned and unused (and therefore exposed), and we constantly forget to remove access to company systems when contractors leave, a problem that occurs 75% of the time.
Most Data Breaches are Financially Motivated
It’s likely not a shock that 85% of cyber breaches involved a human actor, but the reasons why may surprise you. A small percentage are motivated by a grudge or espionage, but most are simply looking to make money. The Verizon 2021 Data Breach Investigations Report indicates that 93% of breaches at SMBs and 87% at large companies are financially motivated. But it’s not the stereotypical teenage hacker you may be picturing. Instead, 80% of these financially motivated breaches originate with organized crime; it’s characteristic of the 21st century mob.
Employees Also Make Mistakes and Commit Cyber Crime
Employee contribution to data breaches typically falls into one of two categories: well-meaning but careless individuals who accidentally expose sensitive information, and unhappy employees who intentionally expose information to satisfy a grudge or unresolved complaint. Overall, Verizon’s report shows internal actors account for 44% of all breaches at SMBs. In cases of inadvertent exposure, most attacks were delivered via email. However, for employees bent on hurting their employers, options abound. One of the most common is “losing” company devices, which Verizon reports is far more common than theft of equipment.
Remote Work Increases Cyber Risk
A March 2020 Workflow article details some of the increased risks associated with working from home (WFH), and reports bear this out. WFH does indeed increase the average cost of data breaches by more than $1 million (representing a premium of about 25%), and it’s a factor in 17.5% of all reported breaches. Just what are remote workers doing that’s exposing data? Two concerning trends point to at least a couple of activities that should be monitored.
Desktop sharing now accounts for almost 5% of attacks — potentially due to the increase in this activity using conferencing tools while working from home.
15% of employees are transferring business-critical data to their personal cloud accounts, which likely don’t offer the same protections and typically fail to adhere to corporate security policies.
Customer Trust Affects Profitability
What consequences impact companies that experience a breach? The single most costly impact is the loss of customer trust that turns into lost sales. You and I give financial and personal information to a wide variety of companies and expect them to keep it confidential. Seems reasonable … right? Yet, so many companies experience breaches that it’s likely our sensitive data has been impacted somewhere along the way. At 44%, customer data is the most likely type of information to be compromised.
Do you continue to do business with companies that notify you of the exposure of your information? Many of us don’t. Lost business represents 38% of the cost of data breaches, which is the largest single contributor to the overall cost. In addition, Verizon found that stock performance suffers significantly in the months following a breach. Breached companies that are traded on the NASDAQ typically experience a 5% decline in value.
The Cost of Lost Data is Going Up … Significantly
It should come as no surprise that data breaches are getting more expensive. In 2021, the average cost of a breach rose by 10%, which is the highest increase in the last 7 years. It now costs $4.24 million each time a company is compromised — the cost per record rising from $146 in 2020 to $160 in 2021.
Of interest: The Verizon report noted that 2019 was the first year the cost of lost digital data outpaced the cost of lost paper records. Clearly, the need for digital transformation is still significant.
Hone Your Security Expertise
Some basic document management features and capabilities make a big difference in the fight to protect data. Here are just a few:
Compliance failure was the top factor that amplified the cost of a breach, and ECM systems typically offer the flexible security settings and audit tracking to meet even the most detailed of regulations.
Encryption, an element of zero trust architecture and commonly available with document management applications, was the top factor that mitigated the cost of a breach. Look for ECM offerings that include data encryption both during transmission and when information is at rest in the system itself.
Companies with no digital transformation initiatives had the highest cost of a breach at $5.01 million. It’s time to convert all those paper records to digital and to protect them under the umbrella of an ECM system.
70% of all sensitive data is stale (meaning it hasn’t been touched in more than 90 days). “If this data is kept beyond a predetermined retention period, it exposes an organization to increased risk and liability,” say the IBM analysts. Many ECM systems are equipped with records retention capabilities that can make retention and destruction automatic.
As you improve your understanding of the evolving cybersecurity environment, you’ll find yourself having better conversations with customers and prospects about their security situations, and you can better match up key document management features with the specific threats they face. You’ll show off both your expertise and your ability to help them choose the best security technologies.