The primary function of the IT organization is to enable people to do their jobs and keep the business running smoothly. Now, however, with so many people logging in from outside the relative safety of the corporate firewall, network security has taken on a greater urgency. For a perspective on what’s at stake with network security, let’s take a look at the actual cost of an average data breach.
According to the 2019 Cost of a Data Breach Report, sponsored by IBM Security, the global average net cost of a corporate data breach is $3.9 million USD.¹ Within that figure, the average cost for a single lost or compromised record is $150. The healthcare industry suffers the highest losses from cybercrime, with an average cost per data breach of $6.4 million and an average cost per record of $429. Lost business, it’s important to note, is the largest factor in calculating the total cost of a data breach.
Small and medium-sized businesses (SMBs) face the greatest danger from security breaches. (SMBs are typically defined as having fewer than 1,000 employees and less than $1 billion in annual revenue.) Attacks on SMBs are relatively more costly than attacks on large enterprises. Moreover, cyberattacks can be fatal to a small or medium-sized business. In 2016, the U.S. National Cyber Security Alliance found that 60 percent of small companies were out of business six months after a cyberattack.²
Public institutions like school districts and municipalities are also being victimized by cybercriminals, especially via ransomware. Without strong network security measures in place, these public sector entities represent a prime target because of a perceived lack of strong defenses.
How can IT managers and their teams protect proprietary data and confidential communications when confronted with aggressive cyberattacks and an expanded remote workforce? With risk planning and true network security.
The business disruptions that came with the COVID-19 crisis — particularly the stay-at-home orders — came upon us rather suddenly, leaving little time to plan and prepare. Businesses now need to regroup and find time to adapt and formulate plans and policies that can carry them into the future. Putting policies in place, upgrading some technology, and strengthening network security on multiple levels does not have to be costly.
Scenario planning is a good place to start. As IT managers examine the risk landscape, cyberattacks are a near certainty. But it’s important to consider not only the most likely scenarios, but also those that are much less likely but potentially catastrophic. Author Nassim Taleb coined the term “black swan” to describe this type of event, and COVID-19 is a perfect example of a black swan. Additional examples include lightning and severe weather.
While the risk of any specific infrastructure asset being affected by lightning may be small, we know lightning will strike somewhere. So, just as it’s prudent to put lightning rods on tall buildings, it’s important for IT managers to build risk management strategies and physical networks that are robust enough to survive the occasional unforeseen event, whether in the form of a sudden increase in remote workers or a new species of malware.
Like any disaster planning, network security risk management can lead to faster, fact-based decision making under stress. Once in place, security strategies should also be reviewed and updated on a regular basis to keep pace with evolving threats. The Data Breach Report mentioned above found that organizations with incident response teams in place were able to respond more quickly to data breaches as they occurred, and limit the damage.
The planning that companies do now to mitigate the threat of cyberattacks also helps in their preparations for other events that could force an organization to switch to remote working, such as natural disasters like floods, fires or hurricanes. Specifically, the possibility of extreme weather events heightens the value of automated failover capabilities that protect the continuity of network communications. This means that if one connection fails, the backup connection automatically kicks in until the primary connection recovers.
The National Institute of Standards and Technology (NIST) and other security professionals have made a number of specific recommendations for ensuring the security of remote workers. We’ll highlight some of these and point out where Digi solutions fit in.
No one knows if the economic challenges from COVID-19 will be gradual or lengthy, but business and IT leaders need to be ready for either scenario, including an extended or returning period in which staff members work off-site and need to connect remotely to the corporate network.
Either way, the advantages of the work-from-home model will continue to be felt by staff members who want to avoid long commutes, and enterprises that have the opportunity to reduce the costs of maintaining office space. Because of this trend, and the lessons learned from COVID-19, we believe cellular connectivity with enterprise security is one of the best long-term investments a company can make.
Digi solutions can help reduce the burden on IT staff. This makes the security aspect of the IT job easier, freeing them to focus on more business-oriented issues. There’s no doubt that the bad guys are creative and resourceful. But so are the good guys, and fortunately, there are more of us than there are of them.
To learn more about Digi networking strategies for remote workers, visit our remote connectivity web page.
1 2019 Cost of a Data Breach Report, Ponemon Institute LLC, 2019, https://www.ibm.com/security/data-breach
2 Gary Miller, “60% of small companies that suffer a cyber attack are out of business within six months,” The Denver Post, October 23, 2016, https://www.denverpost.com/2016/10/23/small-companies-cyber-attack-out-of-business/
3 Nassim Nicholas Taleb, “The Black Swan: The Impact of the Highly Improbable,” Random House, 2007
4 Karen Scarfone, Jeffrey Greene, Murugiah Souppaya, “Security for Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Solutions,” ITL Bulletin, March 2020, https://csrc.nist.gov/publications/detail/itl-bulletin/2020/03/security-for-enterprise-telework-remote-access-and-byod/final
Note: This blog post was first published in April of 2020 and was updated on December 30, 2021.