It’s quite possibly the most modern rap sheet around. And it’s growing larger every day.
From hackers looking to steal millions of credit card details to foreign powers allegedly hoping to snag tens of millions of credit card and/or Social Security numbers, cybercrime is fast becoming an out-and-out epidemic.
An epidemic means something that is spreading so rapidly, chances are good it may affect all of us sooner or later. That’s why, no matter the organization or the industry, cybersecurity has to be a priority for everyone.
The Growth of Cyber Crime
As technology has grown and matured exponentially, so too has the frequency with which technology-based crime can be carried out. Consider these sobering statistics:
- Estimates of the cost of cyber crime vary widely but are inevitably substantial, ranging from $300 billion to as much as $1 trillion. Further, things are only projected to get worse. From 2016 to 2019, global cyber crime expenses are expected to greatly increase, reaching an excess of $2 trillion in costs.
- Perhaps even more disturbing, a substantial portion of cyber crime doesn’t necessarily come from the outside. Estimates hold that as many as 40 percent of security breaches are carried out by insiders.
- Nor is cyber crime the sole purview of the lonely hacker working on his or her own. As this article details, the hacking history is going corporate, with “employees” working regular hours in a setting that might look like that of any conventional company.
That can all add up to some costly breaches. People started to wake up to the new reality when, in March 2015, Premera Blue Cross reported that 11 million bank accounts and Social Security numbers might have been accessed by hackers. A month earlier, Anthem said overseas hackers might have gotten ahold of some 80 million Social Security numbers as well as email and physical addresses. And as we all know, the list of major hacks continued to grow in 2016.
How to Make Cybersecurity Job One—For Everyone
One of the empowering themes of my Anticipatory Organization Model™ is the elimination of negative assumptions—in this case the assumption that a particular issue or responsibility is solely someone else’s concern. That is important when trying to develop an organizational culture in which cybersecurity is not just a top priority but one in which every person in the group should be actively participate.
With that in mind, here are some suggestions on ways to foster an organization-wide cybersecurity awareness:
- Talk about it—a lot. One way to raise attention to the issue of cyber safety is to routinely communicate about its ongoing importance to your organization. For instance, John Sapp, chief information security officer at Orthofix, issues monthly written reports on the company’s security status to top management. He also meets quarterly on security issues with a company steering committee that includes the CEO, CFO, the chief compliance and privacy officers, and the legal team.
- Have firm policies in place—and make certain they’re followed. A sensible and effective security policy is only as good as the people charged with following it. Research by best practice insight and technology company CEB found that 90 percent of employees often don’t practice cybersecurity policies that are meant to prevent data breaches and other security threats. Moreover, they do so by their own choice, using personal devices and applications without company approval.
- Build an anticipatory approach to the issue. Trying to react after the fact to cybersecurity problems is like a dog chasing his tail—you can see the target but you never catch up. Instead, encourage proactive cybersecurity thinking. For instance, urge department heads to ask about security issues before pursuing new technology, clinical trials and other activities.
- Keep all technology as current as possible. Investing in the best possible security technology is an obvious and effective strategy. It is also important to make sure that your other technology and tools are up to date, as legacy software and other technology often can’t take advantage of new, powerful solutions.
An old saying has it that a chain is only as strong as its weakest link.
Bear that wisdom in mind in fostering an environment where everyone can fight back against cyber crime.