Cyber-Security: What’s At Stake?May 26, 2016 . .
Cyber-attacks are a serious business. Crypto-locker-style malware alone has had revenue of more than $325,000,000 in the last 3 years. Almost any type of data is for sale on the dark web, with buyers readily available.
It’s never been easier to make money with cyber-attacks. With opportunities like that, cyber-terrorist teams are everywhere, constantly testing defenses.
As a business leader, you need to understand what’s at stake so you can make informed decisions about how much, and what security is enough.
To get an understanding of what’s at stake, you need to first understand what you’re protecting. Think about the kinds of data you store:
- Intellectual property
- Customer information
- Accounting / banking records
- Payroll information
- Credit card data
- Health records
Notice at this point I haven’t talked about physical assets? These are specifically data assets. Yes, cyber-attacks may take down physical assets, but in most case those are a commodity and can be fixed easily. If you lose credit card data though …
We want to understand the value of this data. Look at each type from 3 perspectives:
- Financial value – what is it worth to you (or worth if you lose it)?
- Reputational value – what is the cost to your reputation if you lose it?
- Legislative cost – if you lose the data, what’s the compliance /legislative cost?
Normally, I rate each of these as High/Medium/Low. From there, it’s clear what the value of each type of data is to a company.
Next, consider key parts of your business. What would be the cost if an attack happened and the computer systems weren’t available? This is the cost of downtime.
For a professional services firm, this may be as simple as total billable rate effected * time. Think about a law firm, with a handful of $400/hour lawyers! Even if you decide that they could work on paper at a lower rate, or those out of the office (say 50%) 10 lawyers could be $2000/hour, plus support staff.
With an understanding of the value of your assets and the cost of downtime, it’s easier to understand what’s at stake. Simply put, in today’s economy, it’s everything. Your assets, your reputation, your ability to be productive.
Now when you start to have discussions with IT around security, decisions can be made by cost-benefit analysis instead of “IT says so”.
Understanding what’s at stake is the first step to getting the right protection in place.
Mike is a Technology Strategist, Project Superhero and Cyber-Security Simplifier. He is a partner at Incrementa Consulting a boutique consulting firm dedicated to helping businesses be more successful. You can connect with Mike on Twitter, LinkedIn or the Incrementa website.