Importance of Network Safety to Business
Attacks to Beware and Stay Alert to
Businesses Largely Preferred by Cyber Criminals
Damage and Fiscal Losses as a Reason to Consider Network Security worth Adopting
Conclusions and Recommendations for Companies to Consider and that Immediately
Besides its heavily advertised advantage of connecting people, the internet also connects criminals to them. Recent decades have seen numerous internet-associated gadgets, systems, and services emerge, such as email, smartphones, computers, social media, websites, and cloud-based services, all actively applied in the business environment these days. Unfortunately for all, there have always been rogue elements willing to exploit breaches in any line of defense, and business enterprises are no exception. Commercial computer systems contain a great amount of sensitive information on business partners, vendors, and customers. If left poorly protected, customer databases, intelligence, trade secrets, strategic plans, and technologies may all end up being seized by hackers or cyber criminals taking full advantage of malware like spyware, viruses, Trojans, bots, key loggers, ransom-ware, and scare-ware. Critical information theft spells the loss of revenue, brand name, image, and the capacity to conduct business for some time, as well as heavy expenses associated with litigation, compensation, fines, and penalties often imposed by the government. While businesses of all sizes are prone to malicious attacks, small businesses stay exposed due to the ignorance of network security measures. The training of personnel, reliable password management, and the acquisition of a Cyber Liability insurance policy are among a few measures for businesses to consider for the sake of information safety.
Daya (n.d.) stated that it was by the offense committed by Kevin Mitnick that interest in network security has recently been raised. His was the biggest computer offense in the entire American history costing companies an unprecedented 80 million dollars in source code and intellectual property. Company security has become a top priority since. The evolution of information made available by means of the internet necessitates the evolution of information security. For fear of experiencing a cyber-attack similar to Kevin Mitnick’s, companies place serious emphasis on intellectual property protection (Daya, n.d.). Symantec (2009) suggested that malicious internet activities went commercial in the 2000s in the sense that they became a big criminal venture oriented on monetary gains. Spyware and adware in the shape of Aureate/Radiate, Conducent TimeSink, and Comet Cursor emerged, so did self-propagating malware. Nimda, Code Red, Conficker, Slammer, and Welchia all started capitalizing on unprotected systems. Phishing attacks became the dominant trend going from victimizing online banking to targeting social network websites. In the 2000s, debuting were also rootkits, zero day attacks, SPIM, click fraud, rogue antispyware, and other types of attacks (Symantec, 2009). With the rapid growth of malicious software and the positive dynamics of attacks in mind, businesses need to realize the importance of network security. Overall, the variety of attacks often conducted against business and the increase in their intensity, especially against small ventures, demonstrate the importance of network security and rationalize the adoption of measures protecting against cyber criminals.
Data collection and systematic review were applied to compile a wide variety of quality content on the problem and systematically arrange and synthesize the most relevant information topic-wise. The research demonstrates the application of secondary data in the form of articles based on surveys and reports conducted by Lloyd’s, the National Small Business Association, and other research groups and commercial organizations. Using qualitative research and interviews or censuses, research organizations have presented an impartial view of network security and safety threats. Focus groups were the method applied by the research organizations. Much the same holds true for this research paper. Although not interviewed, a specific business category such as small enterprises was used to demonstrate the target group of cyber criminals. For this research paper, trend analysis was used specifically to determine the major trends in network security, such as the type of businesses primarily targeted by cyber offenders or the amount of financial damage done by criminals.
In what follows, the cyber threats posed by hackers and the scope of damage that can be done to computer networks support the presumption of the vital importance of network security. Sundaram (2010) noted that the primary function of network security was to avert loss caused by data abuse. Absent adequately implemented network security, a variety of issues may surface, and their effect demonstrates the relevance of a solid security system. Firstly, every business venture prioritizes keeping information secret from market competitors, and the lack of network security may result in the violation of confidentiality. Secondly, failing security, enterprises and individuals risk having their data destroyed, which has a terribly crippling effect on the victims of information destruction. Thirdly, data manipulation is a wily attack, whereby hackers can change data values. The impact makes itself felt once financial information is already in question (Sundaram, 2010).
Importance of Network Safety to Business
Just as Sundaram (2010) suggested that network security was what allowed keeping business information private, so too did Hamby (2014), stressing that the company assets or confidential information stored in computer networks are safe given security that integrates, protects, and provides safe access to data whenever needed. Network security allows business to abide by ethical responsibilities and regulatory requirements. The development of security and safety-related policies and procedures is mandatory for any commercial organization whose employees work on computers. More importantly, a well-functioning security system is a competitive advantage. In the sector of electronic commerce and internet financial services, it is of paramount importance that security be the number one priority. Customers will be unlikely to take advantage of whatever services internet banking has to offer unless and until they learn the networks are secure (Hamby, 2014). The Founder and President of Buckeye Telecom, Jonathan Eubanks (2015), also confirmed that network security helped companies to gain a competitive advantage and comply with industry policies and standard codes.
Attacks to Beware and Stay Alert to
Network security is essential to the business sector insofar as enterprises stand exposed to a wide range of malicious attacks that may leave them lacking vital data. According to the U.S. Chamber of Commerce (2010), businesses may fall victim to hacking, which is intrusion into the information system of a business, whereby cyber offenders get access to any computer network or system without owners’ authorization. Cyber criminals take advantage of weaknesses in the software of an operating system or an application for further unsanctioned access and target poorly protected credentials or records. Attackers may choose to remotely install malware in the shape of network worms or self-replicating email viruses on a compromised system. The remotely accessible and large stores of online data are within the focus of cyber criminals. Find Law (2015) singled out spyware as a type of malware that also infects computers without authorization. Its purpose is to infiltrate the system together with a downloaded application and gather information, such as Social Security and credit card numbers, by recording users’ keystrokes, which results in identity theft or credit card fraud often committed by spammers or marketers.
Cyber offenders use viruses specifically to compromise an entire business network or a separate computer through file corruption and deletion, to name only two. Often in the shape of useful screensavers, Trojans, bots, and key loggers seem innocent enough to download. Carrying malware like viruses, these applications can compromise data security as a whole or destroy computer files (Find Law, 2015). Kenyon (2014) reported on ransom-ware and scare-ware. Once victimized by the former, companies find their computers locked up. Worse, they will not come unlocked until companies pay criminals a fee. When using the latter, cyber offenders pretend to represent software security companies, telling employees that the computer is compromised and that all that is needed is to click through to malicious sites for further repairs (Kenyon, 2014). A phishing attack, when applied in the business environment, can push an employee to give up the password to a customer database (Find Law, 2015). Kenyon (2014) noted the application of spear-phishing used to target the administration staff of small and medium-sized companies. According to Find Law (2015), a pharming attack consists in an offender’s hacking into a company server to install malware that redirects employees typing in a given address to a fake website tasked with collecting whatever information a user gives up.
Businesses Largely Preferred by Cyber Criminals
The chief thing to consider is that the number of cyber-attacks is on the perennial rise. Never a day passes, but cyber thieves commit a large number of atrocities. Global State of Information Security Survey (2015) reported 42.8 million security incidents discovered by interviewees in 2014. An aggregate of 117.260 episodes would take place regularly. The number of attacks rose twofold, as compared with the year before (as cited in Masiello, 2015). York Risk Services Group (2015) suggested that thieves and hackers could find a point of entry to any commercial enterprise that makes use of email, smartphones, computers, social media, websites, or cloud-based services. Small Business Technology Survey (2013) found 74% of business proprietors to be using smartphones to operate their ventures, as opposed to just 57% in 2010. The survey described 45% businesses as using online meeting instruments like WebEx, as against 18% in 2010. The number of commercial enterprises that are conducting teleconferences and calls by means of Voice-Over Internet Protocol or Skype doubled between 2010 and 2013 rising from 28% to an estimated 59% (as cited in Spors, 2013).
According to Small Business Technology Survey (2013), for all the technology reliance, business proprietors are increasingly starting to cope with website or IT management by themselves, without employing outside security experts, which has resulted in greater security fears (as cited in Spors, 2013). Small companies were reliant on technologies ranging from cloud computing to smartphone apps more than they had ever been (Spors, 2013). A business is of interest to cyber thieves provided that it creates, gathers, processes, or stores payment-related information and has ready access to personal or other types of delicate proprietary or fiscal information or the website of business partners (York Risk Services Group, 2015). As seen below, business and trade are second most popular to retired military corps in terms of cyber-attacks and their perpetrators from China (see fig.1).
Figure 1. Drake, B. (2013). China and cyber-attacks: A top concern of US experts. Pew Research Center. Retrieved from: http://www.pewglobal.org/2013/02/11/china-and-cyber-attacks-a-top-concern-of-u-s-experts/
However, there are categories of businesses that stir particular interest among offenders. Kenyon (2014) considered medium and small sized businesses the most exposed to cyber-attacks, which is particularly true of the ones involved in the federal contracting chain. Seeing that large companies and federal agencies, such as aerospace and defense companies, improved their security procedures and IT defenses following a series of spear-phishing breaches in 2013, cyber offenders decided on moving down the supply chain in their attempts to acquire economic data and intellectual property. York Risk Services Group (2015) agreed that large enterprises had made a hefty investment in refined network security, which made them a difficult victim to target. According to Kenyon (2014), what became the target of offenders were supply firms subcontracting under larger companies and smaller contractors. York Risk Services Group (2015) also agreed cyber criminals made a switch over to the partners of large corporations and small vendors.
York Risk Services Group (2015) explained the preference of cyber criminals insisting that SMEs were comparatively easy to target in that they have the shortage of in-house resources or expertise needed to handle cyber threats largely due to their excessive routine concern with business operation and growth. Loads of cash in the bank, client payment information, and intellectual property look too enticing for criminals to let go untaken. Kenyon (2014) noted that the number of attacks conducted against SMEs had taken a sharp upward trajectory in 2013 continuing its growth well into 2014. Based on the Symantec’s Internet Security Threat Report (2014), small companies providing employment to 250 workers and less and medium ventures with between 251 and 2.5000 employees on the workforce experienced 61% as many attacks in 2013, as they did a year before. In contrast, by 2013, attacks on larger ventures had fallen from a high of 50% of overall assaults to a low of 31% in just one year (as cited in Kenyon, 2014).
The Data Breach Investigation Study (2012) also claimed small businesses with under 100 employees to have been subject to cyber-attacks in 71% of cases. In excess of 40% of attacks averted in 2012 were against small firms, with under 500 employees on the staff, which is demonstrative of small ventures being high on the list of hackers’ objectives (as cited in York Risk Services Group, 2015). The Data Breach Investigation Report (2013) and Verizon (2012) came to a similar conclusion, both finding companies with under 100 workers on the staff to be primarily under fire (as cited in Spors, 2013). This is not to say that large companies are immune from attacks after improving their network security. Masiello (2015) reported JPMorgan Chase, eBay, Home Depot, Sony Pictures Entertainment, and P.F. Chang’s Restaurant had all experienced attacks recently.
Damage and Fiscal Losses as a Reason to Consider Network Security worth Adopting
York Risk Services Group (2015) stated that cyber offenders who assault business entities might come to steal trade secrets, intellectual property and bank accounts, to seize and distribute fiscal information, to plant and spread malicious computer software like viruses, and to unhinge day-to-day business operations. While cyber offenses do damage to organizations of any size, the amount of detriment done to a small business can knock the company out cold, figuratively speaking. A cyber assault can leave a company’s reputation or brand image badly damaged in its wake. When under attack, a firm stands to lose a great deal by having its proprietary information or intellectual property misappropriated. An attack can throw market competitiveness into complete disarray as much as it can sales volumes. A company’s good name can take a further drop as cyber criminals may go as far as to commit a fraudulent activity on behalf of the firm, rendering it exposed to lawsuits, penalties, and fines of all kinds. Enterprise directors or owners can likewise be left personally liable for fees and damages induced by cybercrimes. Business partners, vendors, and customers may all find their identity stolen. Customers can file a class action lawsuit against the company. Eventually, the restoration of brand name, the interruption of business activities, awards and actions paid and taken as a form of compensation, and litigation expenses can take tremendous funds to pay and afford (York Risk Services Group, 2015).
Masiello (2015) also singled out legal defense fees, albeit the expert explained the purpose of expenses. Companies may have to spend on the implementation of electronic countermeasures and insurance to identify further attacks, fines imposed by the government for the violation of industry codes, identity protection services for customers, and credit monitoring efforts. Rather than point to sales volume issues, Masiello (2015) cited the loss of both current and future income from existing clientele. As for non-fiscal losses companies sustain, Masiello (2015) named reputation and image damage, competitiveness loss, and the theft of intellectual property also highlighted by York Risk Services Group (2015). Masiello (2015), however, added that strategic initiatives, growth plans, and competitive intelligence could be lost, besides intellectual property. Such are the types of consequences companies who ignore network security do risk facing.
In financial parlance, Spors (2013) reported a median cost of a cyber-assault to be 8.700 dollars. In their jointly conducted study, the National Cyber Security Alliance and Symantec (2012) raised the bar of losses for SMEs to 188.242 dollars on the average (York Risk Services Group, 2015). According to Spors (2013), while the recovery timeline following an average attack is 3 days, 12% of companies can spend a week clearing the mess. The CEO of Lloyd’s Inga Beale claimed that the insurance company had spent 2.5 billion dollars in premiums on specific policies to keep business companies protected. The annual amount increased by one fifth, as compared with 2014. As per company estimates, the amount of financial damage along with disruption cybercrimes do to commercial ventures stands at 400 billion dollars per year. Interestingly, US companies acquire 90% of cyber insurance Lloyd’s offers (as cited in Gandel, 2015). Masiello (2015) revealed the actual cost of cybercrimes business-wise. The number of companies reporting the incidents of attacks rose by 92% over 2013. Large companies like Home Depot, Sony, and Anthem incur a reported 20 million plus. The cost of managing and softening data breaches depends on company size. Thus, large ventures, with financial arrivals running up to 1 billion dollars, lose in the region of 5.9 million dollars while medium-sized counterparts with revenue between 100 million and 1 billion lose in the neighborhood of 1.3 million. Small enterprises earning under 100 million forfeit 0.41 million dollars (Masiello, 2015).
Conclusions and Recommendations for Companies to Consider and that Immediately
Spors (2013) suggested backing up data on a regular basis and storing it off site, creating stronger passwords via password management software like LastPass, upgrading or updating antivirus programs, and making sure cloud-based data is stored safely. York Risk Services Group (2015) also proposed to prioritize password control, suggesting that reliable password management practice should make mandatory the complexity, minimal length, and expiration of passwords. York Risk Services Group (2015) recommended taking an inventory of intellectual property, data, and other critical assets at the company’s disposal. Companies would be best served by training their staff on the basics in view of the fact that the reasons for breaches often remain unknown to subordinates. Upon employees’ departure companies should waste little time, if at all, disabling user accounts. It is always wise to monitor the access to delicate files, to conduct the routine audit of accounts, and to make it known to the staff that company asset misapplication and data leakage will have repercussions. Businesses would be better off isolating critical business information and functions. Towards that end, they should not use systems accommodating delicate fiscal information, product software, or a Point-of-Sale system for social media, email, games or web browsing. Last, but not least, a Cyber Liability insurance policy would be a wise decision to make (York Risk Services Group, 2015).
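The account controls recommended above (password length, complexity and expiration, disabling accounts when employees leave, and routine account audits) lend themselves to an automated check. The Python code below is an added example, not part of the original paper or its sources; the thresholds, field names and sample records are assumptions constructed for illustration.

```python
import re
from datetime import date, timedelta

# Assumed policy values: the paper names the controls (complexity, minimal
# length, expiration) but gives no numbers.
MIN_LENGTH = 12
MAX_PASSWORD_AGE = timedelta(days=90)
MAX_IDLE = timedelta(days=60)
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def password_policy_failures(candidate):
    """Return the policy rules a proposed password fails (run at set time)."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too_short")
    # Complexity: require at least three of the four character classes.
    if sum(bool(re.search(c, candidate)) for c in CHAR_CLASSES) < 3:
        failures.append("too_simple")
    return failures


def audit_accounts(accounts, departed, today):
    """Routine audit: return (user, finding) pairs for enabled accounts."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already disabled, nothing left to act on
        user = acct["user"]
        if user in departed:
            # Employee has left but the account can still log in.
            findings.append((user, "enabled_after_departure"))
        if today - acct["password_changed"] > MAX_PASSWORD_AGE:
            findings.append((user, "password_expired"))
        if today - acct["last_login"] > MAX_IDLE:
            findings.append((user, "idle_account"))
    return findings


# Constructed sample data: a directory export and an HR leaver list.
SAMPLE_ACCOUNTS = [
    {"user": "alice", "enabled": True,
     "password_changed": date(2015, 1, 15), "last_login": date(2015, 2, 27)},
    {"user": "bob", "enabled": True,
     "password_changed": date(2014, 10, 1), "last_login": date(2014, 12, 20)},
    {"user": "carol", "enabled": False,
     "password_changed": date(2014, 5, 1), "last_login": date(2014, 6, 1)},
    {"user": "pos-terminal", "enabled": True,
     "password_changed": date(2014, 6, 1), "last_login": date(2015, 2, 28)},
]
SAMPLE_DEPARTED = {"bob", "carol"}

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_DEPARTED,
                                        date(2015, 3, 1)):
        print(f"{user}: {finding}")
    print(password_policy_failures("Summer2015"))
```
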
In recent decades, internet-associated gadgets, systems, and services like email, smartphones, computers, social media, websites, and cloud-based services have developed at a very rapid pace. Trying to keep abreast of time, business is no alien to using what modern technologies have to offer. Opportunistic cyber criminals seem willing to lay hands on customer databases, intelligence, trade secrets, strategic plans, and technologies made available by poorly protected business systems. Applying malware like spyware, viruses, Trojans, bots, key loggers, ransom-ware, and scare-ware, criminals receive access to sensitive data or get the opportunity of blackmailing companies into paying a fee for unlocking a computer, as is the case with ransom-ware. Considering the frequent application of gadgets in routine business activities and their convenience for cyber criminals, business owners had better adopt network security. By leaving their system poorly protected, businesses risk losing revenue, brand name, image, and the capacity to conduct business for some time and incurring heavy expenses associated with litigation, compensation, fines, and penalties often imposed by the government for not complying with regulations.
Although the businesses of all sizes are prone to attacks, larger companies have adopted tough security measures leading cyber criminals to shift to smaller enterprises often more obsessed with operation and growth. That a single insurance company like Lloyd’s is willing to spend billions on security policies shows cybercrimes are a costly matter that needs dealing with by all. The American companies purchase the prevailing majority of insurance, which is a sign of a dangerous environment, in which US-based ventures operate. Important is that US companies be mindful of the trend if they are not to face financial and brand issues a cyber-attack may provoke. The training of personnel, reliable password management, and the acquisition of Cyber Liability insurance policy, the upgrading of antivirus software, and the punishment for the misapplication of delicate data are measures businesses should consider. Therefore, the adoption of network security is critical to business of all sizes; however, small companies should be the primary users of security software as the primary targets of cyber offenders.
Daya, B. (n.d.). Network security: History, importance, and future. Florida: University of Florida Department of Electrical and Computer Engineering. Retrieved from: http://web.mit.edu/~bdaya/www/Network%20Security.pdf
Drake, B. (2013, February 11). China and cyber-attacks: A top concern of US experts. Pew Research Center. Retrieved from: http://www.pewglobal.org/2013/02/11/china-and-cyber-attacks-a-top-concern-of-u-s-experts/
Eubanks, J. (2015, January 14). Network security and its importance to business organizations. [Web log post]. Retrieved from: http://blog.buckeyetelecom.com/network-security-and-its-importance-to-business-organizations/
Find Law. (2015). Cyber-attacks: Small business guide. Thomson Reuters. Retrieved from: http://smallbusiness.findlaw.com/liability-and-insurance/cyber-attacks-small-business-guide.html
Gandel, S. (2015, January 23). Lloyd’s CEO: Cyber-attacks cost companies $400 billion every year. Fortune. Retrieved from: http://fortune.com/2015/01/23/cyber-attack-insurance-lloyds/
Hamby, C. (2014, May 7). Importance of network security for business organization. AvaLAN Wireless. Retrieved from: http://info.avalanwireless.com/blog/bid/385189/Importance-Of-Network-Security-For-Business-Organization
Kenyon, H. (2014, June 18). Cyber attackers target small, midsized businesses. Information Week Government. Retrieved from: http://www.informationweek.com/government/cybersecurity/cyber-attackers-target-small-midsized-businesses/d/d-id/1278632
Masiello, L. (2015, February 11). The real cost of a cyber-attack on your business. TECHmarc Labs. Retrieved from: http://www.techmarclabs.com/blog/2015/2/11/the-real-cost-of-a-cyber-attack-on-your-business
Spors, K. (2013, September 17). Cyber-attacks on the rise at small businesses. American Express. Retrieved from: https://www.americanexpress.com/us/small-business/openforum/articles/cyber-attacks-on-the-rise-at-small-businesses/
Sundaram, K. (2010, April 22). Why is network security important? Bright Hub. Retrieved from: http://www.brighthub.com/computing/enterprise-security/articles/69275.aspx
Symantec. (2009, September 24). A brief history of internet security. SC Magazine. Retrieved from: http://www.scmagazine.com/a-brief-history-of-internet-security/article/149611/
The U.S. Chamber of Commerce. (2010). Internet security essentials for business. Washington DC: The US Chamber of Commerce. Retrieved from: https://www.uschamber.com/sites/default/files/legacy/issues/defense/files/101026cybersecurityfinal.pdf
York Risk Services Group. (2015, January). No business is too small for a cyber-attack. York. Retrieved from: http://www.targetmkts.com/information-center/item/download/556_7dc70f66fa96bc52f144b32bb5efb624