Cybersecurity Investments Held Back by the COVID-19 Pandemic
Even though cyberattack risks have gone up during the COVID-19 pandemic, fewer and fewer companies are planning to invest in cybersecurity.
In fact, just 25% of Canadian organizations plan to improve their cybersecurity strategy over the next 24 months, according to a Léger survey conducted this fall for NOVIPRO, a firm that specializes in business, IT and cloud computing solutions. This is a decrease of 14 percentage points from 2019.
Link to access the study : https://info.novipro.com/en/en/it-trends-2021
“This finding isn’t surprising when you consider that business owners are having to make tough choices right now. But it’s also a problem,” says Dominique Derrier, NOVIPRO’s Chief Information Security Officer. “We all know that cyber attacks are painful and costly. They hurt businesses financially and emotionally.”
Cyberattacks lead to substantial losses
When an organization gets hit by a cyberattack, it has to spend money to recover its data and to rebuild its IT infrastructure, assuming that’s even possible. But at the same time, the company’s revenues plummet because its operations are interrupted.
Adding insult to injury, cyberattacks can seriously damage a company’s reputation. Prospective clients will think twice before entrusting the company with their data, and current clients could end up suing the organization if their personal information falls into the wrong hands.
When the National Assembly passes Bill 64, organizations that haven’t taken all the necessary precautions will face even tougher penalties.
With 20 years of experience in the cybersecurity field, Dominique Derrier estimates that a cyberattack can cost a company hundreds of thousands of dollars, though the financial consequences can sometimes reach into the millions.
“Costs can spiral out of control quickly,” he warns. “The cybersecurity budget your organization accumulated over several years can be wiped out within 15 days.”
Start with basic cybersecurity measures
Since the pandemic has triggered a rise in cybercrime, organizations are well-advised to do what they can to deter hackers. To begin, companies should prepare an inventory of all their assets, determine which are the most valuable and assess the risks associated with losing these assets.
“Don’t wait for a breach to happen to finalize your inventory,” advises Dominique Derrier. “Performing this assessment can help your company determine what security measures it needs. But one thing that all organizations can do is make sure their employees are familiar with cybersecurity best practices. It doesn’t cost much and it definitely helps,” says Dominique Derrier.
However, the survey that Léger conducted for NOVIPRO found that Canadian companies are starting to slack with employee training. Whereas nearly 74% offered cybersecurity training to their staff in 2019, that number fell to less than 69% in 2020. Quebec organizations are particularly guilty, with just 61% of the surveyed companies confirming that they offer cybersecurity courses for employees.
Next, your company’s IT department should set up basic protections by installing a next-gen antivirus program, managing employee credentials, performing software updates and verifying backup copies.
“Obviously, you need to make sure that backups are being done properly and that they’re functional,” says Dominique Derrier. He goes on to explain that hackers will often sneak into a company’s systems, disable backup devices and copy data. Then a few months later they demand an astronomical sum of money in exchange for the stolen information.
Organizations should start by taking advantage of these simple and cost-effective measures, since they go a long way in keeping cybercriminals at bay. “There’s no sense in going overboard. No one learns to drive in a Rolls-Royce,” says Dominique Derrier. “Objectively, if you can’t manage your backups, you’re not going to be able to manage something much more complex.”
NOVIPRO’s chief information officer is clear: the last thing you want to do is purchase a whole bunch of equipment that you’re not able to operate. It won’t do anything to reduce your risks.
Fine-tune your cybersecurity strategy
If your business has successfully implemented a basic cybersecurity strategy, you may be ready to go a step further, provided you’ve got skilled people who are up to the task. The next level involves installing system-wide monitoring tools and more sophisticated devices to improve security, ramp up performance and apply patches as needed.
How much do these added measures cost? It’s hard to say because each company has its own unique needs, says Dominique Derrier. Plus, security spending needs to be weighed against the risks.
But if there’s anything Dominique Derrier wants people to remember, it’s that cybersecurity investments always cost a lot less than dealing with a devastating cyberattack.