We had the pleasure of having Benoit Dupont with us at the first Forensik conference, which was dedicated to managing and responding to cybersecurity incidents. Criminology professor and scientific director of the Smart Cybersecurity Network (SERENE-RISC), Dupont gave us an overview of the major trends in cybercrime and the risks they pose to businesses. We took the opportunity to ask him a few questions on INTRASEC, In Fidem’s security channel. Here are the key points to remember.
Don’t underestimate cybersecurity threats
In the United States, the average cyberattack will cost a business $3.5 million. That’s no small change! But you’re probably thinking that this is the kind of thing that only happens to other businesses. In reality, cybersecurity threats are a very present and increasingly sophisticated risk.
At his November 18 talk, Dupont presented us with figures that more closely represent our reality as 95% of businesses in Québec are SMEs.
The average cybersecurity incident in Québec costs a business $33,000.
Contrary to what you might expect, the most vulnerable organizations are not necessarily those in new technologies or banking, but rather those in construction, transportation and manufacturing.
Hackers know that most of these organizations neglect the cybersecurity of their IT systems as they see the chances of being attacked as remote. Yet, computers and information technology are fully integrated into their processes Without access to their systems, even less sophisticated ones, these organizations cannot carry out their operations when dealing with a cyberattack. Dupont’s talk emphasized how ultimately no one is immune.
Cyberattacks come with both financial and psychological risks
At the conference, Dupont highlighted that the risks are not just financial, but psychological too.
A cybersecurity incident can paralyze your systems, making it impossible for your business and employees to conduct their activities. Your operations could be disrupted for anything from a few hours to a few days and even weeks. This results in substantial losses, on top of the cost of hiring specialists to get you back on track.
As you know, the reputation of an organization that has been victim of a cybersecurity incident can be tarnished, leading suppliers and service providers, clients and even partners to lose confidence.
Dupont also focused on another rarely talked about negative repercussion: the psychological impacts on the victims. Whether they are executive officers, business partners or clients, those affected by cybersecurity incidents like data theft can lose sleep or face repercussions at home or socially in a broader sense. This damage remains difficult to measure, but is no less important and also needs to be taken into consideration.
Being prepared: the game plan for a more effective response to cybersecurity incidents
In his presentation, Dupont wanted to help executives and IT managers learn more about the importance of investing in cybersecurity, and particularly in preparing for and managing incidents.
Many mistakenly believe that the necessary investments are expensive, yet certain measures, like having someone in charge of the company’s cybersecurity as their main role and raising staff awareness, are already a huge step in the right direction for being prepared.
Numerous studies have shown that most businesses are far from making cybersecurity a priority; the person in charge of cybersecurity will have a number of other roles, and cybersecurity is often pushed to the back seat.
The sad reality is that more mature companies, as in those who have already taken this step, are most often previous victims of cyberattacks.
Some of Dupont’s other recommendations for reducing exposure to risks are :
- Make regular backups.
- Raise staff awareness.
- Document your management plan: who does what and when.
- Consult with experts who can provide support.
As you can imagine, being prepared in case of cybersecurity incidents allows you to reduce the risks mentioned above as well as the cost. You save a significant amount of time while reducing the stress caused by a cybersecurity threat.
It’s up to you to make cybersecurity your number one priority, and you can always contact us for support. We offer services in preparation, management and response to incidents through our ReaKtion subscription.
Find the full interview (in French) here.