Companies are more vulnerable than ever to cyberattacks, as their CIOs will be quick to explain to anyone who cares to ask. A third of them acknowledge that their company has suffered a major cyberattack in the last two years, an increase of 45% compared to 2013. And only one in five IT managers claims to be “very well prepared” to respond to cyberattacks, compared with 29% in 2014. This data suggests that companies are failing to implement sufficient measures to counter increasingly complex cyberthreats. In short, companies are not keeping pace with cybercrime.
One of the fundamental causes of this problem is the digitalization of companies and the way that they are carrying it out. This transformation process often implies an excessive reliance on external suppliers with unknown levels of security. As Antonio Ramos, COO of LEET Security, points out, “only 40% of companies evaluate the security levels of their external suppliers over the course of their relationship.” More concerning is that 47.6% of suppliers can connect to the internal network of companies, and 46.1% store and manage company information. This can be qualified as one of the biggest risk factors for online security in companies. To take Spain as an example, companies have gone from suffering 8,168 attacks in the first quarter of 2016 to 11,879 in the same period of 2017, according to INCIBE. In just one year, attacks and cybersecurity incidents in Spanish companies increased by 45%.
47.6% of suppliers can connect to the internal network of companies, and 46.1% store and manage company information.
Given this situation, companies will need to increase their investment in security measures to avoid the risks of falling victim to cyberattacks, which could lead to economic losses, reputational damages, etc. Not only should this be done for business interests, but, now and in the future, will also need to be done on a strict legal basis. The new General Data Protection Regulation (GDPR), which will enter into force in Europe in May 2018, will require companies to assume responsibility for possible cyberattacks. Taking action only after an infraction has already occurred is insufficient as a strategy and may involve penalties of up to 20 million euros. If you want to know how the GDPR affects your company and how to adapt your company’s data security practices to the new legislation, consult Panda Security’s “Anticipation Guide to the New General Regulation of European Data Protection”.
Advanced Cybersecurity for Your Company
The increase in the number and intensity of security incidents requires a new model based on three pillars: detection, protection, and remediation. All three should be in place before the attack is able to reach its target. But, above all, the key to this new security model must be prevention, thus avoiding the above-mentioned economic and reputational damages.
The secret weapon of smart cybersecurity for businesses is the ability to anticipate. In this vein, Adaptive Defense can be said to bring about the inauguration of a new security paradigm that ignores the traditional model and establishes a new, dynamic model based on the principles of contextual intelligence. This solution from Panda Security is able to anticipate malicious behavior without the use of previously known malware signatures, a proven defense against cybercrime for companies both large and small.
Plus, companies that rely on Adaptive Defense are getting a head start when it comes to meeting the requirements of the GDPR. Not only for its proven ability to protect and reduce risk to a minimum, but also because it includes reporting tools to satisfy the obligation to notify authorities of security breaches within 72 hours of any incident.