Cyber Security Begins With A Plan

*Cyber Security Begins with A Plan*
**By Mike Bridges**

MikeB***The frequency of online attacks against U.S. business continues to increase, along with the cost of defending against those attacks and mitigating any resulting data breaches. Cybercrime now costs a U.S. business $8.9 million per year, an increase of 6% from 2011 and 38% from 2010.  Those findings come from the “2012 Cost of Cyber Crime Study,” which was sponsored by security intelligence tool vendor HP and released Monday (10/8/2012) by Ponemom Institute. The businesses profiled in the study also reported that on average, they’re collectively seeing 102 successful attacks per week, up 72 attacks per week in 2011 and 50 attacks per week in 2010.

****The average breach costs $214 per record compromised; another cost factor is that it’s taking businesses longer to respond to security breaches. On average, it now takes a business 24 days to spot and resolve an attack, although some cleanup operations extended to 40 days. On average, each cleanup cost $592,000, a 42% increase from the average reported in 2011 of $416,000. (Ponemon Institute and Hewlett Packard- 2013).

****Cyber Security begins with a plan. This plan should be developed based on the requirements and risk of protecting third party Non Public Information (NPI). Requirements are driven by federal, state and self-regulatory organizations (SRO) representing the best practices and minimum techniques used to protect NPI and the account of its use. Risk is the harm lost NPI can do to an individual, family or company when used to conduct crime.

****Cybercrime can fall into two categories, Active and Passive Cybercrime. Active is when the crime attacks a target directly. Identity thief, credit card fraud, processing platform takeover and website shut downs. Passive attacks listen to the party line (Internet) to collect information which is not public, intercepting executive communications on financial decisions, intellectual property, legal strategies or summarized as “the stock tip.”

****Financial Institutions need to protect their NPI from potential cyber threats, this includes the mortgage industry. How do you do that? I’ll give you some tips next week.