Protecting your business from cyberattacks
A few years ago cyberattacks were on the margins of news stories. Now, hardly a day goes by that we don't hear about a cyber incident. Recently, media reports suggested that the Russian government successfully hacked the emails of several high-level Democratic National Committee employees, underscoring that cyber threats are not going away anytime soon.
Cybercrime is among the most urgent threats to U.S. national and economic security, and they are increasing in scale, sophistication, and frequency. According to a McAfee report, the global impact of cybercrime tops $375 billion annually, and the estimated cost to U.S. businesses is 200,000 jobs lost annually. Bad actors - hacktivists, cybercriminals, and nation-states - use cyberattacks because they are cheap, easy, and lucrative.
U.S. businesses are responsible for protecting their cyber networks, including intellectual property, trade secrets, and the personal information of their employees and customers.
That's why the U.S. Chamber of Commerce hosted a cybersecurity conference in Schaumburg last month. Speakers urged businesses of all sizes and sectors to adopt basic internet security practices to reduce their network weaknesses and make the price of hacking steep.
What does that mean for businesses? According to Ari Schwartz, managing director for cybersecurity services at Venable, LLP, the number of cyber incidents from 2014 to 2016 increased and the average cost per data breach incident rose from $3.5 million to $4.0 million.
Robert Silvers, assistant secretary for cyber policy at the Department of Homeland Security says that although cybersecurity threats are pervasive, there are steps that businesses can take to protect themselves.
One tool that offers an important first line of defense is timely, actionable cyber threat data that can empower decision-makers to reduce risks, deter attackers, and enhance resilience. This is critical because nearly 99.9% of reported cyber incidents in 2014 exploited known vulnerabilities.
Department of Homeland Security manages an automated information-sharing initiative that enables bidirectional sharing of cyber threat data in near real time, enhancing the ability of organizations to block cyber adversaries before intrusions occur.
Owing to landmark federal cybersecurity legislation passed last year, businesses now have legal protections when voluntarily sharing threat data with industry peers and government.
Unfortunately, there isn't a silver bullet to create a more secure and resilient network. Businesses must approach cybersecurity from the standpoint that it is not a question of if a cyber incident will occur, but when.
White House cybersecurity coordinator Michael Daniel said that we know our efforts to defend and deter bad actors will sometimes fail. So "how do we get better at responding to and recovering from cyber incidents when they occur?"
For businesses, this means developing a cyber incident response plan and exercising that plan. A key part of any plan is knowing which federal agencies to call for help. Businesses are urged to reach out to legal counsel, cyber professionals, and law enforcement organizations. Their agents investigate, attribute, and prosecute cybercriminals.
A plan should consider relationships with DHS and other information-sharing entities - Infraguard or information sharing and analysis centers - because they can provide cyber threat data on known vulnerabilities.
The internet has fundamentally changed how we connect with others, the nature of our work, and how we discover and distribute news and ideas. Industry and government are building a strong foundation to preserve our competitive advantage in the global economy and protect the privacy of the American people.
But one thing is certain - protecting your business is worth the investment.
• Ann M. Beauchesne is senior vice president, national security and emergency preparedness, for the U.S. Chamber of Commerce. For more, abeauchesne@uschamber.com or (202) 463-3100.