Gone are the days of simple firewalls and anti-virus software being a company’s sole security measures. The rise of digitalization and other more advanced technological architectures has changed everything.
Cybersecurity risk is increasing, driven by global connectivity and usage of cloud services to store sensitive data and personal information.
Fundamentally, our society is more technologically reliant than ever before and there is no sign that this trend will slow. Personal data that could result in identity theft is now posted to the public on our social media accounts. Sensitive information like Social Security numbers, credit card information and bank account details is now stored in cloud storage services like Dropbox or Google Drive.
Widespread poor configuration of cloud services paired with increasingly sophisticated cybercriminals means the risk that your organization can suffer from a successful cyberattack is on the rise.
If you are not yet worried about cybersecurity, you should be. Cybercriminal activity is flourishing and is now considered one of the biggest challenges that humanity will face over the next 20 years.
Cybercrime casts a wide net. No business, agency, organization or individual is immune. According to the 2020 Official Annual Cybercrime Report by Cybersecurity Ventures, cybercrime will cost the world in excess of $6 trillion annually by 2021 – up from $3 trillion in 2015.
Organizations have seen security breaches grow by 67% in the past five years alone.
And now it’s not just cybercriminals organizations need to worry about. Cybersecurity breaches have other consequences. Government regulations mandate organizations have cybersecurity controls in place to protect sensitive data or face considerable fines. Cybersecurity laws include:
- Payment Card Industry Data Security Standard (PCI DSS) — Any organization that accepts payment cards – credit cards, debit cards, etc. – is subject to this law developed by the payment card industry. Organizations must meet 12 requirements related to securing payment card information. Being in breach of PCI DSS exposes organizations to minimum fines of $5,000 per month and maximum fines of $100,000 per month.
- General Data Protection Regulation (GDPR) — This sweeping set of regulations is designed to protect the personal information of all citizens in the European Union. Since many US businesses work with European firms and customers, these businesses must comply with GDPR. Unlike most other cybersecurity laws, this one mandates the use of encryption. GDPR is also especially punitive, with fines potentially totaling tens of millions of dollars.
- HIPAA — The fine is calculated based on the number of medical records exposed, with fines ranging from $50-$50,000 per record. Fines are capped at $1.5 million per year, but organizations may receive the maximum fine for multiple years. Violators may even face prison time ranging from 1-10 years.
- GLBA — Organizations are fined up to $100,000 for each violation of this law, and the officers and directors of the organization may be fined up to $10,000 personally. Individuals may also face up to five years in prison.
Learn much more and receive the invaluable training your company, organization or agency needs to help protect assets and data. Tonex offers nearly three dozen courses in Cybersecurity Foundation. This includes cutting-edge courses like: