Cybercrime’s Rising Costs Only Magnify Need for Effective Emergency Response Plans
According to a recently released industry study conducted by the Ponemon Institute, the average cost of a data breach for US companies rose substantially over the last year. On the heels of this study, GDF’s founder talks about some of the real costs associated with data breaches and what Global Digital Forensics can do to help organizations protect their reputation and bottom line.
The sixth annual cost of cybercrime study the Ponemon Institute released this week showed some alarming numbers on the growth of cybercrime costs for US companies. The New York Times broke down some of those numbers in this article published on Tuesday, October 6th. With averages showing increases hovering around 20% among the companies surveyed, the study only proves that regular threat assessments, penetration testing and emergency incident response have never been more important to the success of an organization in today’s digital world.
The costs to businesses stemming from even one successful data breach can be immense.
“A successful data breach can hit a company on many fronts,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier national provider of cyber security solutions headquartered in New York City. “First there is the cyber espionage factor. Competitors and other corporate enemies may get their hands on valuable intellectual property, like design plans, manufacturing secrets and the like. There is really no limit to the damage which can be caused when a competitor beats you to market with your own ideas, processes and procedures.”
“Then there is the trust factor. Clients, vendors and investors can be a fickle bunch. When you’ve been compromised, they’ve been compromised, and unless you can prove to them you were not sleeping at the wheel and took every measure possible to protect them and their data and quickly identified and thoroughly rectified the problem, they’ll just hop over the fence to that competitor’s pasture, which in their mind must be greener. But with the right approach, you’ll find even this fickle bunch are not totally unreasonable regarding the realities of cyber security.”
“Next up of course is cold, hard cash, yours and everyone else that may have trusted you with PII (Personally Identifiable Information), like account numbers, Social Security numbers, or anything else that could help an attacker commit theft and/or fraud, and this certainly does circle the wagons back to the trust issue in a hurry.”
“Then, to wrap it all up with a nice big bow, you’ve also got regulatory agencies to deal with, and the teeth of sanctions and fines they can bring to bear. Add it all together, and the costs can be crippling.”
The big three – assessment, testing and response
“While the costs associated with a successful breach continue rising, the fundamentals needed to help organizations survive the onslaught remain relatively consistent when it comes to surviving a data breach and its aftermath, and we help clients on all those fronts,” says Caruso. “We start with a thorough cyber threat assessment which takes into account a client’s unique needs, digital architecture and data work flow, reviewing policies and procedures, and helping them strengthen them, or create them from scratch if none are present. The threat vectors that are problematic for one industry or organization may not be a high priority for another. Our broad expertise lets us tailor the assessment to illuminate the right problem areas for any client.”
“Next is our comprehensive penetration testing, which is basically us taking the role of real-world hackers and trying to infiltrate the network using a wide variety of tools and techniques, from social engineering strategies, to sophisticated phishing and spear phishing campaigns. We have many tradecraft tricks up our sleeves, just like real hackers do, and so far we have never failed to compromise our target. Our successes will only help to spotlight weakness in the client’s cyber security posture so they can be significantly improved, but a real hacker’s success could cost the client everything.”
“Emergency incident response is next on tap, and is probably the most vital piece of the data breach puzzle. Our extensive experience in network forensics and security, as well as our ‘No Retainer Policy,’ make it both cost-effective and simple to ensure your organization has a response team standing by to handle the problem, mitigate the damage and ensure regulatory compliance, all with absolutely no downside or unnecessary expenses. It just doesn’t get any easier than that to have professional, experienced assistance you can rely on in the event the unthinkable happens. Experienced emergency responders can also help businesses avoid the extremely costly pitfalls of ‘over-notification’ by helping to quickly determine exactly which records were compromised and exactly who should be notified about the event, because as with most things in life, unnecessary excess typically doesn’t lead to a happy ending.”
To survive and thrive in the digital arena and reduce the potentially debilitating impact of successful cyber intrusions and data breaches, the decision to take control of cyber security responsibilities and emergency incident response is both crucial and necessary. So don’t wait until it’s too late to get started; call Global Digital Forensics today.
*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.