The one in the title is a frequent question for business and government managers. Unfortunately, until one is touched by the problem, one tends to consider security investments a secondary expense. Not to mention that sometimes, compliance and certification requirements are seen more as a constraint than a real benefit. In times of crisis, such as the ones we are currently experiencing, cutting costs or delaying an investment in this area may lead to a minimal benefit in the short term, but it is a terribly counterproductive choice that will eventually lead to paying a much higher bill than what was saved.
Disinvesting is the worst choice
Thinking you are virtually safe from attacks is just a hope that sooner or later will be shattered by the reality of the numbers. Infrastructure attacks are on the rise, and BEC (Business Email Compromise) scams, with phishing and email attacks containing malware, are also on the rise. According to a recent Trend Micro report, more than 13 million emails containing threats were blocked in 2019, and this gigantic number covers “only” those detected on Microsoft and Google cloud-based email services. Recently a new type of threat called MonitorMinor has made headlines; it is a stalkerware software that has been modified to allow cyber criminals to secretly access data and track activity on affected devices that are constantly monitored for information, personal data and passwords. All this is without considering the flaws in processors that put infrastructure at risk. As of a few days ago, yet another security flaw has been highlighted that plagues some of the Intel processors produced from 2012 to 2020 and endangers cryptographic keys, passwords and so on.
Prevention is better than cure
Fortunately, it seems that the trend is changing-after 2019 was a black year for cybersecurity, in 2020 it seems that small and medium-sized enterprises have become aware of the situation and are ready to invest in security. But will this also be the case for public administrations? Without mincing words, the question to ask is not: how much does cybersecurity cost? But rather: how much would it cost not to invest in security? Data in hand, in 2019, according to Accenture Security estimates, cyber attacks cost Italian SMEs (with a downward average) more than 7 million euros. Consider that, in the case of a blitz with a breach detected and blocked within a few minutes, the costs of the attack are around 25 thousand euros, destined to rise exponentially if the problem is not noticed immediately. Of course, this is only an estimate, since assessing the possible damage for a single entity is not easy. It depends on the type of company, the kind of data compromised, the type of attacks suffered, and how many days of downtime the attack cost. Not to mention that in addition to the economic aspect, a cyber breach also has consequences in terms of the image of the affected company. These are called “side effects,” and while in the short run they can lead to the loss of business opportunities, in the long run they can generate a flight of customers. Then there are the additional costs and legal complications to consider should failures in data protection procedures to guarantee customer privacy come to light. In order to dispel any legitimate doubts in this case, it is necessary to make use of the Security Data Recorder, a service that records all network traffic and that, in the event of law enforcement audits, is able to produce the necessary documentation to highlight any possible liability or rule out any charges. Of the other essential procedures, we have already written about them in this series of articles, but they are worth mentioning: Network Vulnerability Assessment and Penetration Test i.e., check-ups of a company’s network computer systems, performed to ascertain their level of security, detect the presence of weaknesses and take corrective action so as to block possible intrusions.
For consultation and more information about the services offered by Hypergrid, contact us at: info@hypergrid.it
Devi effettuare l'accesso per postare un commento.