Why cyber hygiene is key to business safety
Cybercrime is a multi-headed beast, one that is fast-growing, constantly evolving and skilled at avoiding detection, so much so that it is predicted that by 2025 it will cost $10.3 trillion worldwide. Left unchecked, it can pose major systemic risks to critical infrastructure: for example, ransomware accounted for more than half (54%) of cybersecurity threats in the European health sector in the last two years recorded.
Wherever an organisation sits within the global ecosystem, customers and partners expect and trust it to operate with their safety in mind. This means maintaining good cyber habits, staying ahead of threats, fixing network vulnerabilities, and applying the same strict standards to the third parties it does business with.
An easy analogy for this is to think of it like owning a car, which I’ll refer back to a few times here. We all understand the importance of maintaining our vehicles, whether that’s keeping them in good physical condition by checking the tyres, putting in the right fuel, etc., or keeping them safe and insured. Cybersecurity for businesses requires exactly the same maintenance – this is ‘cyber hygiene.’
Without good cyber hygiene, businesses clearly risk financial damage, but what’s often less considered yet of higher importance is the reputation that could be left in tatters: one in ten consumers will stop buying from a company if it suffers a data breach. It takes time and effort to build trust with customers in the first instance, and it can take just one incident to break it instantly, in which case that company will have lost that customer forever or will have to put in a significant amount of effort to rebuild that trust.
It is important, therefore, to evaluate the blind spots that can make organisations vulnerable and assess what can be done to mitigate these risks, so that organisations keep themselves, their suppliers and their customers protected.
Beyond the basics
Common misconceptions around cybersecurity are that it is only relevant to those that handle sensitive data and that, beyond that, having a strong password or a firewall will do. Such organisations might think they’re protected, but can they confidently say the same for the third parties they deal with? Or their fourth parties, their suppliers’ suppliers?
Here’s where the car comes in again: think of a business as a vehicle on the road. Traffic is flowing smoothly until somewhere ahead a crash happens, and immediately there is a ripple effect on the cars behind it and the road is closed. Suddenly, and through no fault of your own, you are brought to a halt and unable to continue because the network is interconnected. The same is true for digital networks.
A high-profile example of this was a recent hack suffered by a third-party vendor, which caused multi-day outages to their client’s internal systems. The impact was steep and swift, with financial losses of around $9 million per day, along with a significant drop in the company’s stock price and a loss of trust.
Retaining trust, the one commodity that businesses can’t buy, will get harder as cyber threats evolve. As this evolution is a universal truth, no organisation should ever consider claiming they have 100% security. A network system that was deemed ‘healthy’ mere months ago may already now be at risk from new threats. We’ve found that companies that operate with effective cyber hygiene habits report breach event rates that are nine times lower than for companies whose hygiene rating is very bad.
Building and maintaining cyber hygiene
Back to our analogy: any car can, at any time, be impacted by circumstances beyond its driver’s control – a road traffic accident or a break-in, for example. This is where insurance comes in, a safety net that will protect the vehicle when the unexpected happens and get the driver back on the road.
As vendor networks grow and become more interlinked, good cyber hygiene habits can act as that insurance in cyberspace. Increasingly, businesses are becoming aware that they don’t have to shoulder the burden by themselves, thanks to the likes of automated risk assessments, continuous monitoring and the ability to pinpoint high-risk vendors. These tools can help organisations gain an enhanced understanding of the risks facing them, zoom in on suspicious network traffic spikes, and move fast to erect robust safeguards against DDoS and web application attacks.
Foresight and action
No matter how well protected it is, no business is immune from risk, particularly when there is clear evidence of growing geopolitical motivations and increasing systemic attacks. Alongside this, trust is hard-earned and businesses depend on it, so it must be carefully protected: identify the threats faced today and anticipate the ones to be faced tomorrow.
Those businesses which maintain good cyber hygiene habits will be fitter, stronger and more prepared to withstand future threats. It is those businesses that will be at the helm of a robust digital ecosystem, building trust with customers and consumers.