The world around us: Clients address cybersecurity concerns

The cost of cybercrime is estimated to reach $2 trillion by 2019. What are organizations doing today to combat new threats?

Tags: Fraud protection, Risk mitigation, Cybersecurity
Published: April 05, 2018

It seems like each month brings another story about a cybersecurity attack. The most recent major incident affected some of the data most precious to a person’s identity, which prompted yet another discussion about effective cybersecurity preparation.

Yet despite all these scary-sounding headlines, there are things you can do to protect your customers’ data. When we talk about these threats at U.S. Bank, we seek to educate, not to scare.

My advice to you: don’t freak out — inform yourself about the state of cybercrime today, and what you can do about it.

I recently talked with some of our clients at a panel discussion about cybersecurity. These clients have taken powerful steps toward prevention and remediation, and their thoughts may help your organization fight cyber fraud.

As new technology emerges, companies must adapt their efforts against ever-evolving threats. Here are four key takeaways from my client panel that may help.
 

Acknowledge the level of sophistication

Cybercriminals have evolved their practice in recent years. It’s no longer an ad hoc system of hackers, but more of a streamlined enterprise that combines individuals with rogue nation-states. The true impact of their actions grows each year, and is estimated to reach $2 trillion by 2019.

Think of it like a corporate business model: mature, elaborate and flush with financial support. Some fraudsters have even established online training schools to educate others on how to abuse current financial and communication systems.

One frequently cited example of cybercrime, business email compromise (BEC) scams, claimed $5.3 billion in the last several years. We see clients fall victim to BEC scams, as the practice of phishing becomes more sophisticated (and more difficult to track).

The panelists, all leaders from major commercial real estate companies, noted that this level of sophistication will increase as new technology enters the market.

  • One panelist said that new phishing emails look exactly like authentic emails, with few discernible differences. Some even mimic common file-sharing services with pinpoint accuracy.
  • Another panelist pointed out a rise in social fraud, where criminals use social networks to gather sensitive data and mask themselves.
     

Protect your physical and digital assets

It’s sensible to focus cybersecurity efforts on growing online threats. But the panelists noted that companies should still keep their physical security systems in good shape. This involves building a dialog between on-site security and IT teams and any outside vendors.

The panelists dedicated much of their time to physical security efforts, and predicted even further changes in the next several years.

  • One panelist said companies can’t assume that every new tech advancement helps their business. Who you partner with carries as much weight as the tools used. Perform due diligence with any vendor to make sure that they are a good cybersecurity partner.
  • Another panelist recommended a segmentation strategy, where smart buildings use their own private networks to reduce internet-of-things vulnerabilities over the open Web.
     

Cover everything from prevention to remediation

Computers get compromised. It’s a rule of life in the digital era, and at some point your organization will need to address an attack. Preventive practices help stop attacks, but they don’t help if a hacker gets through. The panelists advocated for a combined prevention/remediation strategy to limit any damage.

  • One panelist adamantly argued that quick detection and remediation tools can save millions once a hack occurs. Spending all your time on preventing attacks doesn’t help if a hacker can linger on your servers long after the breach.
  • Another panelist argued that companies should hire dedicated cybersecurity experts who can train employees on basic prevention and detection capabilities. It shouldn’t take a “major threat” to make these moves.
     

Assume that any public network is compromised

That public Wi-Fi network you’re using at the coffee shop? Assume that it’s compromised, and take all necessary steps to prevent data hacks. That includes using virtual private networks (VPN) whenever sending sensitive data, or simply waiting until you’re on a secure network to conduct transactions.

  • One panelist wondered why so many VPNs still only require a username and password for access. Switch to a stronger, tokenized method or restrict any transactional business on the VPN.

We’re all becoming more hyper-connected, but these connections come at a cost. Check out some additional tips on securing your networks and promoting a safer online environment.

 

©2018 U.S. Bank. Member FDIC.