Earlier this year, the malware program VPNFilter infected hundreds of thousands of office and home routers and networked devices around the world. The cities of Atlanta and Baltimore experienced ransomware attacks, the latter causing the 911 dispatch system to be offline for 17 hours. Confidential data were breached at numerous companies—Adidas, Dignity Health, Honda, LabCorp, MyHeritage, and Ticketmaster, to name only a handful. Cyberattacks, with their potentially deleterious consequences, are a constant threat to all businesses.
“It’s not a matter of if it will happen; it’s a matter of when. Don’t wait for when,” said Nancy Thompson, a Reno-based cybersecurity and privacy consultant.
Consequently, companies must make cybersecurity, or information security, a priority, said Mike Yoder, co-founder and CEO of WinTech LLC, a Las Vegas company that provides virtual receptionist and visitor management solutions to businesses.
“Cybersecurity is the process of protecting information in the cyberworld,” Thompson said. “We are more and more reliant on computers and the data that’s on computers for everything. The more that we’re reliant on it, the more risk there is.”
Risk & Costs
Information security is so critical today because companies, and society in general, continue to depend more and more on the Internet, which has become an essential tool for doing business, said David Langford, vice president of technology, Smart City Networks, headquartered in Las Vegas. Smart City provides telecommunications services for convention centers across the U.S. and three National Football League stadiums.
Cyberattacks are a daily occurrence. Now, with the cloud and Internet of Things (IoT), the risk is elevated because the potential sphere in which attacks can occur is broader. Take, for instance, the example of the Las Vegas casino-hotel that got customer information stolen by hackers who accessed it via the “smart” fish tank’s thermostat.
“[Cybersecurity] is no longer about inconvenience but a financial war,” said Darren McBride, CEO, Highly Reliable Systems Inc. in Reno, which sells and supports networks and computers in Northern Nevada.
A cyberattack can damage the reputation of a company, get it sued, and cause business and revenue loss. Worst case, it can take down a business entirely.
In the U.S., a data breach costs an organization an average of $225 per compromised record, statistics from the Ponemon Institute and IBM Security’s “2017 Cost of Data Breach Study” showed. Costs are higher for highly regulated industries. In healthcare the cost is $380 per file and in financial services, $336. These figures include notifications, legal fees, hiring additional staff, providing identity monitoring services and loss of business.
Despite the potentially catastrophic effects of a cyberattack on a business, experts said in large part commercial organizations in Nevada fall into two camps: those that aren’t doing anything about cybersecurity because they haven’t yet been attacked and those that are making genuine efforts but aren’t doing enough to truly protect themselves and the data they hold.
“They do it with a lick and a promise,” Thompson said. “Until they’ve had a problem, an audit problem or an actual breach, quite often they don’t do it with enough care and rigor.”
Read the rest of the article at nevadabusiness.com.