01/29/2015 05:15 EST | Updated 03/31/2015 05:59 EDT

What Your Business Can Do To Battle Cybercrime

Small and medium sized companies mistakenly believe hackers will not target them because they are small. The reality is that hackers come in all shapes and sizes. They often target smaller companies without the resources and skills to protect and secure their systems. They sometimes practice with smaller firms before moving to larger companies.

Back from the holidays and you probably have a list of resolutions you have started for 2015. It is important to create goals for things you can control and get started. Despite news stories, the future is bright.

The Future Is Better Than You Think was published in 2012 and certainly rings true today. It was written by Peter H. Diamandis and Steven Kotler, who believe the general shift in the world is towards the upside. There certainly are things to be concerned about, one of which we will talk about in this article. According to Diamandis,

"Humanity is now entering a period of radical transformation in which technology has the potential to significantly raise the basic standards of living for every man, woman and child on the planet."

One reason for his positive outlook is that technologies in computing, energy, medicine and other areas continue to improve at such an alarming rate. Soon, breakthroughs will occur and improve the way we live in ways not imagined. This really is good news.

While the future is bright, there are threats that accompany exponential technology growth. One example is cybercrime - which has increased dramatically globally and particularly in the United States. Diamandis and Kotler cite Marc Goodman about his predictions for cybercrime.. He is the founder of Future Crimes Institute and chair for Policy, Law and Ethics at Singularity University.

Goodman says that in most countries, "humanity is fully dependent on the Internet". My own view is that the Internet should become at utility and available to everyone at minimal cost like electricity. The Internet has had an effect of levelling the playing field and raising the boats and prosperity for all nations with greater connectivity. However, Goodman is quick to remind us of its dark side with questions about the fall out from bigger cybercrimes? He elaborates further about security threats in a TED talk.

Goodman asks, "What if attacks against banks destroy all records? What if someone's life savings disappear in an instant? What if hacking in hospitals caused hundreds of lives if blood types were changed? Society's entire infrastructure -- our bridges, tunnels, air traffic control and energy pipelines are dependent and run by technology - many of which connect to the Internet. Goodman is not a doomsayer but like most computer experts, he is right by wanting better technology, more responsibility in making it and better policing of it.

What if tens of millions of records -- customer and employee files -- are compromised in big corporations? What if terabytes of data and emails about a company's employees and customers are stolen and shared publicly. In fact, 2014 turned out to be a record year for cybercrime and data breaches in government, corporate and small and medium companies in the United States.

According to a Wall Street Journal poll, 71.9 per cent of readers say the top compliance issue in 2014 was cybercrime and data privacy. The biggest stories were related to the Target, Home Depot and Sony hacking incidents, all of which received considerable coverage. Executives everywhere are paying close attention because many expect cybercrime in 2015 to get worse before it gets better.

Why has cybercrime become such a big problem?

The Sony hack was one of the biggest and most embarrassing data breaches in the company's history. It revealed another flaw, one that is not easy to correct. Goodman says, since so many products come from software, it is tragic that companies are allowed to release buggy software. Goodman says, "Ninety-five percent of all hacks, exploit old security flaws -- where patches do exist that can fix them. Unfortunately, installing patches is a manual process and not everyone installs them on their computer when they should. You only need one susceptible computer on a network to damage an enterprise.

The proliferation of devices and gadgets -- all of which connect to the Internet -- is another big concern. Connectivity offers convenience and flexibility, but also greater exposure to enterprise networks.

Adam Meyers is VP of Intelligence at CrowdStrike, a security technology firm. In an interview with The Epoch Times, Meyers says, "Because there's so much attack surface, every time you add a new system to your enterprise, it becomes a ticking time bomb... The vulnerabilities are so expansive that a company shouldn't think of trying to buy total security, only enough security for select key items." Rather than aim for total security, he suggests identifying a few key company data assets. Then, do whatever it takes to protect those assets.

Cybercrime Insurance

The firm, NetDiligence, releases a study every December on cyber liability insurance. The Cyber Claims Study 2014 reports that 75% of cybercrime claims was from large companies with revenues under $2B. Healthcare and financial services were the two sectors most targeted by hackers. Retailers like Target, Home Depot, Neiman Marcus and Michaels were popular in the media because they lost financial information for tens of millions of customers in 2014. They are also newer to dealing with large-scale cyber threats and breaches and need to ramp up technology investments.

Insurance claims related to legal damages increasingly need to be considered due to compromised data. In Sony's case, the company received at least six class-action lawsuits from ex-employees in late 2014. Employees were seeking damages from being harmed by the company's data leaks and release of sensitive information to the public. According to the Cyber Claims 2014 Study, payout for legal defense ranged from $7,805 to $4 million. Payouts for legal settlements ranged from 0 to $2.5M.

Should Small and Medium Sized Companies be concerned?

Small and medium firms with revenues under $50M account for 23 per cent of insurance claims due to cybercrime and data breaches. Two data points were added to the December 2014 study. The first was whether there was insider involvement. The second was whether a third party vendor was responsible for a breach, which is important for smaller companies.

Many small companies rely on third party companies like Amazon's AWS, Heroku, WordPress and other vendors to host their applications. Twenty per cent of insurance claims can be attributed to an error from a third party vendor. Small and medium businesses need to be diligent in doing whatever it takes to minimize cybercrime and data breaches when dealing with cloud-based third party vendors. A once size fits all approach does not work and business owners and executives are advised to seek professional advice on how to secure information in the cloud as well as information not in the cloud.

Small and medium sized companies mistakenly believe hackers will not target them because they are small. The reality is that hackers come in all shapes and sizes. They often target smaller companies without the resources and skills to protect and secure their systems. They sometimes practice with smaller firms before moving to larger companies. The important thing to remember with cybercrime is that proactive companies are best equipped to minimize threats and damage.

It is true that if someone is determined to break in, they probably will. Companies need to minimize loss of sensitive information by developing plans as well as contingency plans. Based on what we saw in 2014, companies should consider getting professional guidance and ensure they are setup to balance between high employee productivity coupled with managing data security risks. All in all, the future is bright for companies that are proactive in managing certain areas associated with higher risk.