In a security survey report from September 2016, The Norwegian Business and Industry Security Council (Næringslivets sikkerhetsråd) reports that during the last year, 27 % of Norwegian organizations experienced undesirable security incidents. According to the survey, 4 out of 10 incidents led to a loss of production, but most of the participants were unable to give accurate numbers regarding the costs of the attacks.
It is generally assumed that a large number of incidents are never recorded at all. The Verizon Data Breach Investigation Report for 2016 shows that only about 25 % of security breaches are discovered within days. The Mandiant M-Trends report from 2015, however, shows that the average time from when an information security breach happens until it is discovered is 146 days.
It is a common misconception that all cyber security breaches are criminal acts. Many cyber-attacks actually come from youth experimenting with how far they can push the line or from massive non-specific attacks. Some hacks are accidental, and quite a few security incidents are the result of pure mishaps, accidental breaches or a lack of competence.
Even if you have a small business or you consider your information assets of little value to outsiders, your assets have value to you and your day-to-day operation. How long can you operate without access to your files and archives, online services, a PayPal solution or even the information you provide on your webpage?
To ensure your continued day-to-day operation, take the following measures to protect your business from cyber incidents:
- Train your employees in cyber security and awareness regularly
- Establish policies and routines for access and information security and require compliance
- Keep your software and hardware updated
- Keep updated on new cyber threats
- Implement barriers such as two-factor authentication, firewalls and backups
- Plan ahead and ensure your ability to handle incidents if they occur