Organizations that are hacked suffer enormous losses. Target lost credibility with millions of customers and untold sales when customers’ credit card information was stolen. Intellectual property including new technologies and drugs under development are in jeopardy as well.
Companies risk being sued and incurring millions of dollars in legal fees from customers and partners hurt by malware if their security is not up-to-date. Mistrust and negative publicity can lead to millions in losses for years depending on how organizations handle news about the hacking. Companies need to develop incidence response strategies including how and when to let customers and partners know their private information is stolen and what steps companies are taking to recover from malware.
It’s impossible to be 100% safe from hackers. However, risks can be mitigated from cyber hacks that often randomly scan thousands of sites looking for those with weak security. Steps in a strong security plan can be categorized under Four Rs:
Resistance to being hacked or infected by malware
- Installing next generation firewalls with multiple applications able to inspect incoming traffic and protect networks from malicious attacks.
- Taking steps to control physical access into buildings and data centers.
- Adhering to regulatory and industry standards for credit card transactions, and secure storage of customer information. Organizations without industry or government security procedures implemented increase their liability when customers whose financial or private information was compromised sue.
- Hiring consultants to do a penetration assessment to determine how difficult it is to hack into the concern’s network and identify vulnerabilities.
- The human factor is often the weakest link in security. Training employees on the importance of security and following correct procedures is critical. Internal errors and staff inadvertently giving information to outsiders cause a majority of security breaches.
Recognition of and Recovery from malware
- Discovering malware and recovering from it are huge challenges. Sony Pictures, Anthem Health, Home Depot, and Target had malware in their networks for months without being aware of it. One option is security software capable of sensing variations from normal computer activity.
- Because files are stolen or damaged by malware, it’s critical to back up important data. Using the cloud is often the most cost effective solution.
- Ensuring that hackers are caught and prosecuted is an important barrier to hackers.
- To prosecute hackers, data and computer hard drives with malware must be saved and isolated so that data is not “tainted” and can be used to prosecute criminals.
- Prosecuting hackers that operate from countries without extradition treaties covering cyber crime is almost impossible. The UK, the Netherlands and Ukraine have cooperated on some incidents involving extraditing hackers to the United States to stand trial.