First, thank you to everyone who made it out to our latest Data Security event at the Detroit Athletic Club. We had a great turnout, and the DAC did not disappoint, offering great food, drinks and views. Hopefully, those of you who could attend found the presentation interesting, and are able to move forward getting data protection a seat at the strategic table. For those who could not attend, hopefully, the brief summary in today’s post will catch you up.
In this week’s event, we took a look at a number of myths surrounding data protection, starting with the misconception that “hackers” are some hidden group of specialized forces that are only after big companies.
The truth is “hackers” are more common than most people think. They are mostly young males between the ages of 16 and 19, with a strong computer science background. The majority comes from China, but the second largest group hails from the U.S. And although some are in it for the money, there is a very large group of them that just want to see what they can do, making them a very dangerous group.
Second, we learned that the act of “hacking” itself is not as challenging as most people believe. The most common “hack” is really just taking advantage of stolen or lost passwords. And looking at the Top 10 Worst Passwords of 2016 (provided by Teamsid.com), we can tell why this is quite common and easy to do.
The truth is, most “hacks” are just taking advantage of lazy policies. Whether it is a password policy, a software patching policy (think Equifax), or weak email policies, data is being lost in most cases based on some basic fundamental issues with internal corporate policies and procedures.
We then exposed the myth that only large companies are at risk, when the truth is that small and medium-sized businesses make up a large portion of all the companies under attack, private ones being the most targeted.
The attackers are even starting to peel away from the obvious high-target industries like Health and Financial services, and to focus on a much broader set of targets.
Next, we dissected the breakdown of costs associated with a data breach, and with the help of a study by Deloitte (Beneath the Surface of a Cyber-attack, Deloitte, 2016) we learned that the vast majority of costs incurred after a breach (90 percent) were previously considered unknown, or intangible by most companies.
This huge difference in what companies perceive the financial risk to be vs. what it actually is, no doubt correlates to the finding of the U.S. National Security Alliance that 60 percent of small companies are unable to sustain their business over six months after a cyber-attack.
Finally, we took a look at the relationship between the Top 10 Business Issues for 2016 and the necessity of collecting new analytics to achieve them, which highlights the fact that competitive advantage is directly related to a company’s ability to collect, interpret, act on, and protect data.
This relationship between competitive advantage and risk is what’s driving the need for data security to have a seat at the strategic table, and not be just an afterthought thrown into the hands of a tactical IT person. Understanding business risk as it relates to data, and as it relates to competitive advantage, should be a high-level discussion, and should be had with very high-level IT resources.
For any of you who missed the event, or even those that made it who would like to dig more deeply, we would be happy to talk to you and your company about how you are managing this risk, while using data more competitively. Please feel free to reach out and let us know how we can help.
Again, thank you to everyone who joined us to help make this event such a success!