As the U.S. economy continues to expand at a slow and steady pace, one area of the economy remains red hot – and for good reason. The cybersecurity industry surpassed the $75 billion global revenue mark in 2015 and shows no sign of slowing.
Gartner Inc., a technology research and advisory firm, projects the amount of money spent across the globe on information security will top $170 billion by 2020. This would equate to a compound annualized growth rate of nearly 18%, compared with forecasts of below 5% for U.S. GDP growth during the same time frame. Yet, despite the strong growth for security software and the increased capabilities of threat detection, Corporate America seemingly still has a ways to go toward preventing large-scale data breaches.
Over the past few years, the financial press has been riddled with reports of major companies entering crisis mode after their websites were hacked and their customers’ security information (passwords, payment information, etc.) was exposed to hackers. Yahoo has been victimized on several occasions. In 2016, the company announced that personal information tied to more than 500 million accounts was stolen. The information stolen could have included any combination of usernames, passwords, email addresses, telephone numbers, and even the answers to password security questions.
Yahoo, unfortunately, is not alone. Home Depot, Staples, Sony, eBay, and Target, among many others, have experienced their own major data breaches due to weaknesses in their internal enterprise security protection systems. Earlier this month, Equifax reported that between mid-May and July 2017, cyber attackers accessed the names, social security numbers, addresses, birth dates, and even potentially driver’s license numbers of more than 143 million individuals.
Even security companies themselves have been victimized by hackers. Personal identity theft protection company LifeLock once famously made headlines when its then-CEO Todd Davis published his social security number on company billboard advertisements and television commercials as a show of confidence that LifeLock systems were virtually impenetrable. Over the course of the following 12 months, the CEO’s personal identity was stolen more than a dozen times, causing him to navigate through a major self-induced company crisis caused by the provocative advertising campaign.
As recently detailed in the Wall Street Journal, Jay Clayton, chairman of the Securities and Exchange Commission (SEC), believes the investing public has a poor understanding of the risk cybersecurity attacks pose to the economy. As a result, the SEC is advocating for increased public company disclosure surrounding cybersecurity attacks and has called for greater scrutiny of firms that leave their customers’ data under-protected and vulnerable to the threat of hackers.
Companies with weak enterprise security systems that are hacked and, thus, expose customers’ financial data to cyber intrusions can be held liable by state legislators, the SEC, and the public at large. Yahoo faced multiple lawsuits alleging the company was negligent in protecting users’ security information.
How can individuals protect themselves from the potential cybersecurity threats that endanger major companies they do business with? Always use complex passwords with at least eight characters and a mix of letters, numbers, and special characters. Do not use pet names or college mascots, or any other word that could be easily tied to you based on your social media profiles. Avoid reusing passwords or using simple modifications across multiple accounts. Doing so could make it easier for hackers to gain access to many accounts after breaking into just one. Update your passwords regularly and always install the recommended software updates when they become available. Many software developers publish patches for security vulnerabilities quickly after they are discovered, so routine installation of these software updates can help reduce the risk of getting hacked.
Importantly, be aware of phishing email attempts. Phishing is a scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly. Phishing emails appear to be legitimate emails from a known, trusted source, but they attempt to trick you into clicking a false web link that will install malicious software on your computer. These scams have become much more sophisticated since the days of the “rich Nigerian prince emails.” One common factor to help identify phishing attempts is that they often try to create a sense of urgency to get you to act before you notice that the email is fraudulent.
In a world of connectivity and convenience, the internet’s rewards certainly outweigh its risks. Yet, while the likelihood of getting hacked is quite small, the consequences can be severe. Adopting these best practices can help mitigate the risk of becoming the victim of a future cybersecurity attack.