Businesses as well as government agencies are increasing their focus on cybersecurity, including hiring more professionals to deal specifically with cyberattacks and the havoc they wreak.
The increased focus comes as businesses struggle to protect customer data and also to respond quickly to breaches when they occur. As the costs associated with data leaks continue to rise, large organizations are finding it more cost effective to hire seasoned IT experts -- including some who earn more than $500,000 a year -- to batten down the hatches and be prepared if and when there's an attack.
In fact, for some organizations, the costs of being well prepared are proving to be much less than the costs associated with cleaning up after a large-scale data breach.
One potential solution to help combat cybercrime is for organizations to build internal teams that work solely on protecting customer data from hackers. Companies like JPMorgan and PepsiCo, as well as USAA (United Services Automobile Association), are taking the threat seriously, hiring chief information security officers (CISOs) and paying big money to protect them from cyberattacks. As more companies follow suit, the position is being given an even greater level of importance.
By hiring a CISO who reports directly to the CEO, businesses can ensure a C-suite emphasis on data and network security. These top-level hires may be part of the solution, but more comprehensive cybersecurity teams and software are generally also needed to provide sufficient protection.
Government agencies like the FBI face similar challenges. Cybercrime has become such a major issue for the FBI that it is in the process of hiring an additional 2,000 cybercrime experts.
Hard To Detect
Part of the problem is that even the best cybersecurity software on the market cannot protect businesses against these attacks. This means that in addition to hiring cybersecurity gurus, companies must either store less data so that customers are not put at-risk or they must heavily encrypt data to make any stolen information useless to the criminals.
Cyberattacks are taking place more often than in the past, but one of the most troubling new trends is that when attacks do take place, businesses sometimes do not report them for days. Legislation is in the works that would force corporations to report breaches quickly. However, that change won't necessarily solve the problem since many breaches go undetected for days or even for weeks.
A study of 253 U.K. corporations, conducted by security firm Tripwire earlier this year, found that at least 40 percent would need two to three days to detect a breach. Unfortunately, that's plenty of time for cybercriminals to go undetected as they steal and exploit private customer data. (continued...)