Sony felt the sting. It happened to Home Depot. Target, as well. The Canada Revenue Agency, too. And of course, Microsoft.
Security breaches and hacking exploits and bugs can dirty a business plan like a mudfight at a wedding. Whether you run a startup or a hefty SMB or a Fortune 500 firm, security has to be top of mind, especially while developing your next product.
Let’s look at Sony Pictures, which faced a massive leak of data, including a file inanely called Passwords. The data breach was a long time coming, according to inside sources.
“Sony’s ‘information security’ team is a complete joke,” one former employee told Fusion. “We’d report security violations to them and our repeated reports were ignored. For example, one of our Central European website managers hired a company to run a contest, put it up on the TV network’s website and was collecting personally identifying information without encrypting it. A hack of our file server about a year ago turned out to be another employee in Europe who left himself logged into the network (and our file server) in a cafe.”
While there are no figures calculating how the leak affected Sony’s bottom line, a report by Symantec found the average “lost business costs” per data breach were $3 million in the U.S.
Canada joins the world as a hotspot for exploits. A Statistics Canada report said that six per cent of the 17,000 private Canadian enterprises it surveyed had experienced an Internet security breach in 2013. And look at how hackers snuck into the Canada Revenue Agency records to compromise 900 social insurance numbers.
We all know hacktivists and malware thugs will be on the lookout for their next mark, and don’t assume they’re only going after the major firms like Microsoft and Home Depot. The smaller the firm, the less money will be spent on security. That’s where your hand-wringing comes in; without investing in security, both financially and mentally, you could fall prey to an enterprising hacker or a dangerous bug opening your company to attacks.
Atif Ghauri is the Chief Technology Officer for Herjavec Group, a firm dedicated to providing security to businesses across the world. Ghauri told us the most disconcerting issue is how developers don’t want to deal with security challenges. “For them, speed is everything, they want to get software code out the door. But a smart company would block the launch of a product because of a security risk. And many customers will take that risk.”
He points out security should be embedded in the lifecycle of a product’s ecosystem. Otherwise, a company will have to release patches, bug fixes or a brand-tarnishing mea culpa that could do more damage than waiting another week to release a product.
How should SMBs invest in security? Ghauri suggests harnessing “brains in house and outsourcing muscle.” In other words, listen to your IT team and engineers when they highlight a security issue that needs to be addressed immediately. When it comes to day-to-day maintenance, hiring some security muscle to keep your products exploit-free could be an investment that pays off tremendously.
Also, take to heart what this Forbes report says about securing your company:
“When building a defense strategy, it is important to understand that hacking is a business. The adversary has resources and tools and spends ample time researching an organization’s weaknesses to map out their attack plan and trick the defender. Carrying over the IT mindset into security is akin to assigning a traffic accident investigator to a murder investigation. While the first assumes negligence and errors, the latter will always assume malicious intent.”