Falling victim of a cyber attack is not as expensive as what you face after the attack. After a Cyber Attack, two major things happen, you lose money or you spend money or in some cases, you lose and spend money.
How do you lose money after an attack?
You lose money when you are a direct victim of a financial cybercrime, you lose money when your intellectual property that is aimed at generating income for you is now available for free on the internet because a hacker has successfully hacked your system to retrieve the materials. You also lose money when your production process which after completion is supposed to generate income for the company has been put on hold or even delayed because the procedure to continue production has been hijacked by cybercriminals. These procedures can be the technology that enables smooth production processes, it can also be the system that controls your production equipment or anything that enables you to provide a swift service to your clients. Once Cybercriminals can attack you or your company, know that you are losing money because you are not producing or providing swift service as promised.
Peradventure, you were attacked and you seem not to have lost anything of monetary value, then get ready to spend money because when you fall victim of a cyber-attack, you are bound to either lose or spend money, so if you are not losing money, then you will be spending money.
What do you spend money on after an attack?
You may be nonchalant before the attack, but after the attack, you will want to prevent the attack in future by buying the necessary technologies and if you have had the technologies before the attack, you will want to know how the attack was carried out to prevent a future reoccurrence and most preventive measures are transacted for monetary value.
In countries with a comprehensive cyber law, if data belonging to employees or clients are breached in the custody of a company, the company is mandated to compensate them for identity theft and this usually comes in form of financial compensation.
A company like Sony Pictures Entertainment that was unfortunate to fall victim of a Cyberattack lost money and also spent money after the attack. They lost monetary values because movies yet to be released were released by the hacker to the internet and they spent over USD 8million as compensation to employees data that were breached; in fact, the total amount that was lost and spent by Sony Pictures after the attack was estimated at USD 100million.
Whether you are either spending or losing or you are losing & spending money during or after an attack, the truth of the matter is that your proposed earning or your company’s profit has been lessened. Sadly, you cannot be cyber attack free, which means that you cannot prevent falling victim to a cyberattack totally, but one sure thing you can do both as an individual and as a company is to mitigate the risk when you fall victim to an attack.
Cyber Security Experts have this philosophy about the type of corporate organization that exists in the corporate world. They believe that the world has two (2) types of corporate organization; the first are those organizations that have fallen victim to cyber-attack and the second are those organization that will fall victim to cyber-attack. Unfortunately, there is no room for an organization that will not fall victim to a cyber attack because every single organization with technologies that were designed, implemented, and operated by humans is a potential victim.
What should you do before the attack?
If preventing a Cyberattack is not feasible, then reasonably, what can be done to mitigate the attack should be the next line of action.
Both as an individual or a corporate organization, it is imperative to mitigate your risk especially when the risk is inevitable. As we begin to draw close to the end of the year, we must begin to prepare for any possible cyber-based attack, we must draw up a cyber risk strategy that will be geared towards mitigating risks and the strategy must include the right technologies that can be used to detect cyberattacks and system vulnerabilities including the services that are required to test the security of the deployed technologies.
Mitigating risk can also be referred to as transferring risk. So you should also consider transferring your risk to an insurance company by picking up cyber insurance also known as data breach insurance policy even though this policy may seem new to the Nigeria Insurance Sector. Looking outside Nigeria to pick up an insurance plan is also an option if the Nigeria Insurance Company fails to offer such services.
Finally, the most ignored risk mitigation technique and yet most effective is empowering employees with the right cybersecurity awareness training. An organization with the right technologies but whose employees lack Cyber Security Awareness training skill means that the organization has failed to understand that vulnerability does not come from your strongest point but your weakest point. Vulnerability channels for corporate organizations can come through the technologies and processes that are implemented in the organization. It can also come from the people that work with the process/procedures or implement the technology. In the chain of security, humans are the weakest link to a corporate security breach both in physical or cyber forms of security. A cyber-based attack directed at a human is what the cybersecurity experts refer to as the “Human Hack” or “Social Engineering Attack”.
So beyond the right security technology, the right security knowledge is required to stay safe while operating in cyberspace!