How Bad Can It Get?
Why is protection important? How can a breach impact you and your organization? How bad can it get anyway?
We’ve previously outlined why criminals attack, what tools they will use, and why they are successful. In this next module, we delineate the negative impacts a breach may have. Yes, it is frightening, and it should give you an incentive not only to improve your own awareness but also to ensure the email security awareness of those around you.
The issues around a cyber security breach primarily fall into financial losses and data losses, but don’t exclude the losses of faith and reputation that also come (those are simply less tangible). While financial and data losses feed off each other, each presents its own downsides, and both are essential to the business case for stronger email security awareness and training.
Take the case of ransomware. While the criminal might seek a few hundred dollars in ransom, it will often cost many times that to ensure your servers and network are clean. That is of course if the ransomware hasn’t already destroyed your databases.
There’s a huge value to the data you hold. Whether you have credit card records, medical records, social security data, or even simply email addresses, a criminal can either sell the data on the dark web (the “underground” internet) or even use it themselves to perpetrate further attacks.
Where data is today’s gold, losing it will have serious ramifications.
The Loss to The Attack
With a majority of attacks motivated by financial gains, this one is the most clear-cut.
There are the costs of being the victim of cyber-assisted fraud, whether a romance scam or Business Email Compromise, which can run from the average cost of about $40,000 into the millions for an individual attack. There are the ransom costs to pay in the case of ransomware, which are tiny compared to the costs of system restoration and tests. Invoice fraud, impersonation, Spear Phishing, and so on, are all costly, but likely small in comparison to the overall costs.
Brand Damage
In the event you lose your customers’ data, the trust in your brand will be significantly eroded, and restoring it will be an uphill battle (if it can be restored at all). Trust takes years to build, seconds to destroy.
Regulatory Problems
Increasingly, data breaches are becoming deeply regulated.
This can come down to minutiae such as how long you have to report a breach, to whom, what has to be reported, whether you can be sued, and much more. Regulations vary by country, state and industry. They are quite complex. There are regulations such as GDPR, FINRA, HIPAA, PIPEDA, and others that dictate what steps your organization needs to take to protect your customers’ data and what penalties can be faced for non-compliance, including fines and even jail time in extreme cases.
Business and Email Continuity
Pausing business operations can be costly.
In many cases, be it malware, ransomware or the discovery of spyware, your business’s operations can be brought to a standstill. Ransomware can lock your entire organization out of their computers. An outage will require system restoration from backups (which you should have), and hopefully those are up to date and don’t have any gaps. In the meantime, IT has to figure out how to stop or remove the attack and restore normal functions. Being without email means a loss of productivity, but continuing to use it comes with risk. Hence, using a solution that can enable access to an “emergency inbox” is also critical in managing the costs of a cyber attack.
Financial Losses
Stockholders and stakeholders tend to react negatively towards a breach.
Besides the cost of spam to businesses being in the billions each year, being the victim of any email security breach can have a dire financial impact.
We already touched on the cost of halting business operations, regulatory penalties, and brand equity. That is far from exhaustive. Stock prices tend to dip, as in the case of Equifax or Yahoo!, which had $350 million knocked off its sale price to Verizon after its record-setting breach.
Competitive Loss
Your intellectual property, whether political or corporate, is…priceless.
If your competitor wanted to gain a competitive advantage, what could be more devastating to your business than having your strategic plan, the details of a proprietary algorithm or a list of your largest customer contacts fall into their hands? Or, if you prefer, what if an adverse political party gains access to your emails and uses them to influence elections? Corporate and political espionage often starts with a phishing or other malicious email. Care to try to place a dollar figure on those outcomes?
Changes to Process
Post attack, it’s not business as usual.
Post breach, an organization would (hopefully!) adopt stricter security policies going forward. This can require new large-scale training sessions, disruption to normal processes, and other potential hurdles as people adapt to new, stricter policies.
As part of business and process disruption, people usually get fired after a breach. It’s expected when stakeholders see the breach as caused by negligence. Often it is the C-suite and IT people. Any time an organization is hit by unplanned organizational changes, there’s disruption to day-to-day operations.
An Ounce of Prevention
It’s possible to overcome. People or companies who’ve been victims of an email security breach aren’t likely to have to declare bankruptcy, but plenty have had to overcome significant and costly obstacles to get themselves back on track. An ounce of prevention, as they say, is worth a pound of cure.