With an almost constant flow of news about cybersecurity breaches worldwide, there is good reason to believe that cybersecurity should and must take a higher priority than it does in an organization’s planning and funding efforts. Ransomware, malware, theft of data, and infrastructure threats are on the rise, and they seem likely to continue their upward trend for the foreseeable future.
But small and medium enterprises may question the value of cybersecurity and the expense in time and money required to provide a robust protection scheme, as they likely also have limited resources to invest. So why should your organization, be it small or large, invest? What are some of the benefits? More importantly, what might be some of the shortfalls of that investment?
What Happened
As reported by the US Health and Human Services Department (HHS), detailing reports from affected health organizations, a hacking incident affected over 92 thousand people on or about the 28th of June. This is only the latest reported incident, one of 321 still under investigation since January 1, 2022. With over 1.99 million persons affected in total, this rather disturbing number only covers those investigations that are still open, not those that have been completed. Another six investigations that were reported in 2022 have been closed, with an additional 57 thousand persons affected.
Note that these are only those breaches reported to HHS and where the number of affected persons was 500 or greater. It is also notable that this only covers health care providers, insurers, and their business associates.
With an average cost per record of between $161 and $210, the first breach mentioned above will cost the company involved between almost $15 million and $19 million, and that is without any fines or lost revenue due to customers losing faith in its ability to protect their information. That loss of faith could destroy the organization, as it has with others such as Wood Ranch Medical and Brookside ENT.
So far, it is estimated that there have been over 35,000,000 cyber attacks in 2022. That is 35 MILLION attacks in just over six months.
How will this Affect You?
As a business, any loss of customer faith in your services or customer relationships can seriously affect your business. It can reduce the number of clients you presently have, cause potential new clients to find someone else for their needs, or even (worst case?) shut you down completely.
Maybe you are looking at the cost/benefit analysis of enhancing your cybersecurity from where it stands now to a more robust structure, but it seems the cost is too high. Or perhaps you have paid out for services for a period of time, but have not seen any breaches or problems. Thus you believe your need is less than what you are paying for. Reducing expenses is essential, right?
Let’s look at some of the costs and benefits of cybersecurity and see what we come up with.
Costs vs. Benefits
If your organization gathers and uses data of any sort, you have a reason for doing so. The data is used to produce a product or service you then provide to your customers. Without that information and its subsequent products or services, your organization literally has no reason to exist. That means costs and benefits related to the data are important to understand and value so your organization can better prepare for the future.
To give you an idea of some of the costs associated with not ensuring your security is up to date, as compared to the benefits, we have created a short list here of both. Each is followed by a basic description of what that means for you.
Costs:
- Loss of business
  - Loss of clientele, revenue, or even a total loss/closure.
- Fines
  - Some regulatory agencies will fine your organization based on your lack of security or an unacceptable level of such.
- Ransomware recovery
  - Paying the ransom
  - Recovering your data via backup or having to reestablish your database through requests for the same information from its original sources.
- Creating or enhancing your current cybersecurity program from its current state.
  - Discovery, planning, initiation, maintenance.
Benefits:
- Business
  - Retention of (or even improvement in) current client base and business value.
- Less loss due to breaches
  - If a breach happens, regulatory agencies are less likely to penalize an organization that can show it has diligently worked to improve and maintain its cybersecurity posture as needed.
- Protected data repositories
  - Recovery from ransomware is easier and cheaper when you maintain backups that are protected and/or separate from the primary data stores.
- Expenses
  - Recovering from adverse events is usually much cheaper and faster when you have maintained a strong cybersecurity posture than if not.
What Should You Do?
Again, your organization does not have a reason to exist without the data and clientele you serve. Here are a few basic thoughts on what you can do to begin protecting your organization or enhance the protection you already have.
- Know your data
  - Look at the data you have collected or will need to collect and why you collect it.
- Classify your data
  - You can classify data by importance and by the level at which it should be protected (PHI, PII, PCI, etc.). Don’t forget to include Intellectual Property in this exercise.
- Who is using the data, and why
  - If your HR department is the only one that uses a given type of data, then others that don’t use it shouldn’t have any access to it at all.
- Train your staff and management to directly participate in protecting any data used.
  - Your staff is your real first line of defense and also tends to be the most vulnerable to attacks.
- Separate your networks (network segmentation)
  - Data only used by workers should not be accessible on a public portal (Internet-facing) network.
  - Data that is used only by one department should be accessible to that department only.
- BACKUP! BACKUP! BACKUP!
  - Backups make it possible to recover quickly and efficiently from natural and man-made disasters.
- Constantly validate (maintain) and improve your cybersecurity posture
  - You wouldn’t buy a car with a full tank of gas, then let it sit to rot once that gas was gone, would you? Check, maintain, and update on at least a yearly basis. More if possible.
Northstarr Recommendations
Northstarr System Solutions is a company devoted to protecting our clients’ systems and data. With over 30 years of experience, we can be your partner in preserving your ability to meet or exceed your cybersecurity and business goals.
To find out more about how we can help you, visit our website or give us a call at (888) 767-2210 to set up an appointment.
We look forward to meeting with you!