Over the last few years, we’ve seen many top-tier companies fall victim to major cyber attacks. These attacks are only increasing in impact and are driven primarily by sophisticated hackers who sometimes access company systems through third parties.
These “threat actors” can harm our business and cause significant financial, operational and reputational damage.
As one of the world’s largest bottling operations in the
The data we keep on our employees, customers and suppliers require us to be responsible stewards.
We use technology to innovate our business at every level: supply chain, customer relationship management, communications, transactions, plant floor, etc. This drive to innovate is, in great part, what is going to enable us to be successful in the marketplace.
As we increasingly rely on data to conduct business, a successful attack could result in operational disruptions and financial losses. Responding to data breaches is also expensive. Once a data breach occurs, costs accumulate quickly, from incident response, remediation, fines, restitution, legal fees and more intangible costs such as loss of customer confidence and reputation.
Attacks in a production environment can not only bring our lines to a standstill, they have the potential to destroy customer and consumer relationships. A 2014 Mcafee Cyber Security economic study estimated that cybercrime costs the global economy more than $400 billion. "A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion,” the report notes. This includes the damage itself and subsequent disruption to the normal course of business. That figure does not include the immeasurable reputational risk, however.
Most data breaches are about financial gain. But increasingly, we are facing extremely motivated and sophisticated individuals and groups: hacktivists, nation-states, organized crime, terrorism and corporate espionage. These groups are targeting our employees, processes and technology; anything that can be sold for a profit can be a target. We, therefore, need to make a concerted effort to protect our confidential information: employee personal information, payment card information, intellectual property, financials, etc.
Several key lessons can be learned from recent security breaches:
- Social engineering/phishing (the manipulation of individuals into performing action or divulging confidential information) remains one of the biggest threats. Therefore, a well-informed employee is our first line of defense. Information security training is key to tackle this type of threat.
- Many attackers try to break in through third parties processing an organization’s information. Proper oversight of our third parties will help mitigate this risk.
- It’s also important to continually identify our most critical information assets in order to adequately protect them.
- No organization can declare itself 100% secure, but a lot of breaches are avoidable by following simple security measures such as encryption and maintaining data on a "need-‘to-know" basis.
We are in the business of optimism, but as we continue to develop protocols and protections around our data, we always plan for the worst. It is the only way we can ensure every person in our organization takes these threats seriously and acts with an abundance of caution. Taking these precautions is will ensure we keep our commitments to our customers and consumers.
Irial Finan is an executive vice president of The