According to a report published by Cisco Systems, statistically, companies are attacked more than 8,3 thousand times during their lifetime. Unfortunately, many of these attacks turn out to be successful, although we learn from media sources only about the most spectacular ones. However, all companies which fail to stop the attacker, face losses. Even when the attack is not deemed newsworthy, the losses are always severe.
That’s why it is advisable to invest in systems which detect any attempts to gain unauthorized access to company resources. But is detection alone enough to guarantee security? According to the founders of Veronym - definitely not because proper security must always include prevention. They draw an analogy of travelling by train and by plane. When we travel by train, the conductor comes and checks our ticket. He suddenly “detects” that our luggage is too big, we boarded wrong train, and, to make matters worse, it’s going in the opposite direction than our destination. To cut the long story short, it’s a mess. On the other hand, before we even board a plane, our tickets and luggage are “preventively” inspected once and then again - attendants check tickets and cabin luggage. When we finally sit down in the plane, we can be sure everything is exactly as it should be.
For any entrepreneur effective security is closely linked to their reputation and financial situation - successful attack can lead to huge financial problems, not to mention possible legal repercussions. Security, then, becomes extremely important, especially when the rapid technological development is significantly changing how companies operate. A computer with an Internet connection is an office standard now. Add to that mobile phones, tablets, laptops - everything is online all the time. Threats appear not only at the moment of connection with server, but at all times, as the mobile devices are, rarely offline. And it’s enough for hacker to take control of one company device - all the company data is immediately ripe for the picking.
But it’s not only about hackers. Research by PwC shows that the main source of security incidents (33%) are… employees (PwC report “Cyber-ruletka po polsku”). A pdf file with a seemingly interesting offer sent to company email or a link from potential business partner may turn out to be a clever trap laid by a cybercriminal.
That is the reason why prevention is so important. Security needs to be concentrated on systems and applications vital for proper functioning of the company, and to separate any unwanted elements from main information flow. Business has to be protected from external attacks, as well as carelessness of employees. The only traces of any cyberattack should be seen only in reports summarizing the state of company’s security.