The risk of cyber-attack and IP theft over digital domains is constant and high and not going away. Not much need to be expounding the pounding on this one, but we will and give you a few tips on reducing the risk.
Expounding the Pounding
Cyberattacks remain high. Incredibly high. In 2014, a high year for cyberattacks, a NetIQ (acquired by AttachmateWRQ) Cyberthreat Defense Report found that 71% of organizations were affected by a successful cyberattack in 2014 (while only 52% expected to fall victim again in 2015). ( Source )
In 2024, North American organizations experienced an average of 1,298 cyberattacks per week, according to Check Point Research, which represented a 55% year-over-year increase in attacks. These attacks affected over 70% of of small to medium-sized businesses, according to Embroker. In other words, despite the continued increase in security software, standards and protocols, cyberattacks haven’t decreased, and neither have their success rate.
Reducing the Risk
Procurement is going to have to finally embrace cybersecurity best practices in everything they do as well as work with IT to ensure that all of the applications they buy or license meet these best practices as well.
Note that when we say best practices, we don’t just mean ensuring the technology meets all the latest specs, but that the organization, and its personnel, also ensures that they they take information security, operational security, and physical security seriously as well. An organization that doesn’t protect its information outside of systems is insecure, and if this includes passwords, the systems have been compromised with one login attempt. An organization that doesn’t maintain proper physical security makes it easy for an experienced hacker (who understands social engineering) to walk in, access a system that is logged in, extract the access keys for the broader systems, and the organization’s systems are then completely accessible by a hacker. And of course, if the organization doesn’t maintain proper operational security, its employees will let hackers right in no questions asked and all of the systems will be compromised.
This will require proper training and monitoring until everyone understands the issues across the entire organization.