IT Security And Why Businesses Need To Know The Risks
Exponential advances in modern technology have revolutionized business and personal life in many key, positive ways. With that being said, those same breakthroughs have made it possible for malevolent actors to strike online in an increasing number of ways.
The cyber security threat landscape is a vast and growing one for businesses to contend with. It’s a concept that permeates nearly every corner of day-to-day life, from personal and company data security to national security. Yet these threats cannot go unaddressed, and business must continue on. More than ever the corporate world needs educated and skilled leaders to bolster cyber security defenses and thwart attacks when they do materialize. Enrolling in the online Master of Science in Management Information Systems program from the University of Alabama at Birmingham may help prepare students to face the challenges of cyber security.
The scope and cost of cyber attacks
In an age where the Internet of Things is no longer a far-off tech fantasy, but a real-world practicality, the number of vulnerabilities and threats businesses face continue to skyrocket. Symantec, a leader in cyber security software, counted 430 million new pieces of malware in 2015, a 36 percent increase from the year before. Additionally, there were 54 zero day vulnerabilities—a hole in software gone unnoticed by the vendor—discovered in 2015, an alarming 125 percent increase from the year before.
These zero day vulnerabilities exist in widely used applications like Adobe and Internet Explorer, affecting millions of users worldwide, but what businesses need to worry more about are targeted attacks.
Symantec found ransomware attacks increased 35 percent in 2015, and not only that, but the style of attack once thought to only be able to affect PCs was found to have infiltrated Mac and Linux systems. Ransomware is a method by which hackers steal data or shutdown a system and then hold out for a ransom sum to be paid by the affected business or person. This is not the only tool hackers have to disrupt operations, but its increasing complexity shows the lengths to which cyber threats have evolved.
RSA, a cyber security firm, found some of the most used types of cybercrime tactics in 2016 included:
• Carding (53 percent).
• Account takeover (16 percent).
• Wire transfers (9 percent).
• Malware and hacking (8 percent).
• Cashout and mulling services (7 percent).
• Phishing/bots (3 percent).
• DDoS (2 percent).
• Mobile (2 percent).
No industry is safe, either. Symantec found 191 million user identities were exposed in 2015, a new record, and incidents occurred across all kinds of businesses:
• Health Services experienced 120 data breach incidents.
• Business Services, 20.
• Educational Services, 20.
• Insurance Carriers, 17.
• Hotels & Other Lodging Places, 14.
• Wholesale Trade – Durable Goods, 10.
• Eating & Drinking Places, 9.
• Executive, Legislative, & General, 9.
• Depository Institutions 8.
• Social Services, 6.
Big corporate names like Target, Anthem and JPMorgan Chase and Co. have all suffered high-profile cyber intrusions in the last five years. This has lulled some smaller sized businesses into a false sense of security that hackers are only after the biggest fish. This is a myth the business community needs to see through: Symantec said 43 percent of all attacks in 2015 targeted small businesses.
And while larger companies may be more able to shoulder the costs of such setbacks, small businesses are hardly in a position to handle the costs of cybercrime. A 2016 Ponemon Institute and IBM report on the cost of cybercrime found the average cost of a data breach was $4 million, a 29 percent increase from 2013. The per capita cost for each lost record was $158, a 15 percent tick up.
The immediate direct costs are large enough, but a data breach can negatively affect businesses in a number of different ways. KPMG, a multinational accounting firm, recently surveyed U.K. small businesses and consumers on how their attitudes might change after learning of a data breach: 89 percent of businesses that experienced a breach said it resulted in reputational damage. Overall, more than half of shoppers said they would reconsider giving their business to a company they know experienced a breach.
Despite this, just 23 percent of responding businesses said they thought of cyber security as a primary concern. While the uptake has been slow, businesses are increasingly adding new solutions and tools to their arsenal of cyber defenses.
Still, greater prioritization of cyber security strategies is clearly needed across the spectrum. Many will turn to leadership to provide this direction, and CIOs, with a degree in Management Information Systems, may be in a particular position of strength to advocate.
What businesses are doing and where they need help
With so many critical operations conducted over the internet nowadays, businesses don’t have the option of stepping away from the online world as a means to shield themselves from cyber attacks. Increasingly, organizations have invested in new cyber security installations to help protect their data and that of their customers.
Businesses aware of the increased risk and cost of cyber attacks have taken many steps to sufficiently protect the company and its employees against such occurrences, if not prepare them for the eventuality of it happening. PricewaterhouseCoopers surveyed businesses on the actions they’ve taken to improve internal security and found:
• 52 percent have intrusion-detection tools.
• 51 percent actively monitor and analyze security intelligence.
• 48 percent undertake vulnerability assessments.
• 47 percent conduct threat assessments.
• 47 percent maintain security information and event management (SIEM) tools.
• 45 percent subscribe to threat intelligence reports.
• 44 percent conduct penetration tests.
Despite the uptick in cyber security preparedness among businesses, there still exists a large gap between having the defenses in place and having effective responses. To this point, Berkley Research Group conducted a survey in 2016 that found while strong cyber security cultures existed across respondent organizations, 45 percent said they still needed more help in raising awareness and training employees. Additionally, 51 percent said they were unsure if they’d be able to handle a breach if it happened to them.
While the study found other cyber security initiatives businesses engaged in included cloud-based cyber security, advanced authentication and a risk-based framework, the responses about effectiveness were still cause for some concern. When asked to rate their cyber security program as a whole, 39 percent said it was some form of “effective.” When asked about their incident response capabilities, 40 percent rated them as effective.
One way organizations have addressed the effectiveness gap is by having an executive position dedicated to cyber security. In the BRG report, 54 percent of responding organizations said they employed a Chief Information Security Officer. The report noted “organizations with CISOs reported significantly more confidence in the effectiveness of their cybersecurity cultures.”
While a business may have all the tools and protocols in place to respond to cyber threats, it also needs talent to ensure everything operates effectively. Graduate programs, like a Master’s in Management Information Systems, may be able to introduce students to new competencies required for today’s cyber defenders.
How an MS MIS can prepare you for a position in cyber security
Given the rapid rise in cyber security threats, a mirror image increase in jobs related to information security has likewise materialized. The U.S. Bureau of Labor Statistics said that job demand for Information Security Analysts will increase 18 percent between 2014 – 2024, while the rate for Computer and Information Systems Managers is expected to increase 15 percent in the same timeframe. Demand for both kinds of workers is far outstripping that of the overall national average.
Yet even with this growth, a shortage of cyber security talent has afflicted the IT world at large. An Intel report from late 2016 found 82 percent of some nearly 800 global IT decision-makers said there was a shortage of cyber security skills. Approximately 15 percent of U.S. cyber security positions will go unfilled by 2020: 71 percent said the lack of adequate staffing has already contributed to tangible business damages.
Continued education may be able to solve one challenge in addressing the gap. While employers noted they increasingly look at certification and hands-on experience, the ability to specialize within a degree can help prepare students for the varied requirements and skills needed to counter modern cyber threats.
Contact UAB today about an MS MIS
The online Master of Science in Management Information Systems available through the University of Alabama at Birmingham can be used, or considered by those seeking more learning, to combat the menace of IT security.
To learn more, contact an enrollment advisor today.