today’s cyber security realities, as well as best in class strategies for achieving an optimum cyber security
program, is essential to mitigating the heightened risk associates with cyber attacks.
“Dispelling Common Cyber Security Misconceptions”
Among the more common misconceptions regarding cyber security, and one which presents a false
confidence, is that having anti-virus software is sufficient. With ransomware a major threat and the ability
for hackers to overcome and destroy anti-virus software, this is not a solution. Another myth is that cyber
security is an IT matter when, in reality, it should be regarded as a core business discipline to which every
member of an organization has a responsibility. This thinking recognizes that an IT system is integral to
a company’s day-to-day operations (i.e., processing purchase orders, invoicing, data storage, employee
benefits and payroll administration, maintaining intellectual property, etc.). Thinking that cyber security is
an internal matter is also a mistake considering all of the interactions a company’s IT system has with
external third parties, from vendors, professional firms, employees’ home-based systems, etc. which
make it vulnerable to many additional cyber threats. By recognizing that cyber security is a central to a
business’ operation with many interrelating components from both inside and outside of an organization,
a business is better prepared to address today’s numerous cyber threats.
“Cyber Security Today”
According to Jupiter Research, the rapid digitization of consumers’ lives and enterprise records will
increase the cost of data breaches to an estimated $2.1 trillion globally by 2019. That is four times the
estimated cost of data breaches in 2015. This same research firm projects that the average cost of a data
breach in 2020 will exceed $150 million by 2020. There are many types of data breaches occurring at a
rapid pace today. The Madison Square Garden credit card breach occurred when hackers accessed the
credit card information of people used at Madison Square Garden and other related venues. This past
November, Madison Square Garden reported that its systems had been compromised during the period
from November 2015 to October 2016. Also recently reported was the Marriott International/Starwood
multi-year breach which compromised the personal data of up to 500 million customers. Other breaches
affecting millions an even billions of records include: Yahoo’s 2013 breach affecting 3 billion accounts
and its 2014 breach affecting 500 million accounts, the Equifax breach in 2017 affecting 146 million
accounts, and the Anthem data breach in 2015 in which 37.5 million records of personal data including
health data were breached impacting an estimated 79 million people. As a consequence of this breach,
Anthem was ordered to pay a federal government settlement of $16 million. These large breaches are
accompanied by other breaches of smaller size, but with significant impact on the companies and
individuals affected.