From the Experts: A Playbook for Mitigating Cyber Risk to Your Corporate Networks As You Grow Your International PresenceFebruary 4, 2016
Murat Muftari is an International Trade Specialist for the U.S. Commercial Service in Eastern Michigan
Newsflash: If your company has a virtual presence then you’re automatically exposed to more cyber intrusions. And if your company is based in the U.S. and has an international footprint, the target on your company’s back is likely bigger than your non-U.S. competitors – a testament to American innovation.
Every day, cyber criminals around the globe gain access to proprietary information like product design specifications, supply chain details, negotiation strategies, intellectual property, and background on joint ventures and other partner agreements. These cyber intrusions result in tangible costs: according to the Ponemon Institute and IBM, in 2015 the average annual cost of a data breach was $3.8 million per company. Today’s 21st century business opportunities are inextricably linked to 21st century risk.
In January, the Michigan Aerospace Manufacturer’s Association and the U.S. Commercial Service East Michigan, gathered a panel of legal, cyber, and law enforcement experts to discuss their recommendations for avoiding cybersecurity risks as you grow your business.
According to Quinn Kuzmich at MainNerve, a cybersecurity services firm, you can choose to do three things with this risk: mitigate it, transfer it, and accept it. Companies must balance the priorities of reducing their vulnerabilities to cyberattacks, while being cognizant of risks they may be accepting at the same time.
The experts at the event presented a few cornerstones on which to build a successful corporate “cyber protection plan”:
- An educated workforce
- The majority of cyber intruders enter corporate networks through e-mails or web browsers – two systems accessed constantly by most employees. That reality means training your employees can be the most effective tactic in mitigating the vulnerability of your company’s intellectual property housed on your corporate networks. The more your employees can identify and avoid phishing attacks, spearing attempts, and malicious websites, the safer your corporate networks (and the proprietary information they safeguard) will be.
- A skeptical IT security team
- You have a problem if your IT security team says your corporate networks are safe. According to the Federal Bureau of Investigations (FBI), 69 percent of cyber intrusions are detected by a third party, meaning internal IT security teams are often not the ones finding vulnerabilities in their own networks. “Once hackers gain access to a network, their goal is to remain undetected as long as possible while elevating their level of access to sensitive information,” says Tom Winterhalter, Supervisory Special Agent with Detroit’s FBI office.
According to Kuzmich, a proactive IT security team is always skeptical of the safety of their own systems. They should perform regular penetration tests to find opportunities that cybercriminals see themselves. The team should bring up vulnerabilities, new threats, and concerns in meetings to the point that they sound like a broken record. If your IT security team fits that bill, they are much more likely to find cyber intrusions on their own networks and won’t be afraid to report them immediately.
- Relationships with the right partners
- Stories emerge daily about the latest firm with egg on their face, detailing how sensitive customer data or proprietary corporate information ended up in the hands of bad actors. Let’s face it: reporting a cyber intrusion to authorities can be embarrassing. However, the sooner you inform law enforcement of suspicious activity on your corporate networks, the quicker they can spring into action.“Being up front with law enforcement as soon as possible after you’ve found a breach can protect your assets, your intellectual property, and your employees,” according to Kuzmich. Alerting authorities doesn’t mean your story goes public – they have good reasons to keep the details confidential. The Cyber Crimes Unit at the Detroit FBI keeps their case information secret to limit the possibility that more cyber criminals will adopt previously effective tactics.If you have concerns your intellectual property was compromised in a cyber attack originating from overseas, the U.S. Patent and Trade Office (USPTO) is another enforcement agency in your corner. The USPTO’s intellectual property experts embedded in many foreign countries go to bat for U.S. firms whose IP is compromised, even through cyber means.
With just one click of the mouse or a stroke of a key, cyber criminals can send your company reeling. Stopping every cyber attack against your firm is not likely an attainable goal; however, there are steps you can take to mitigate and transfer the risk associated with today’s connected world.
If you start with a network of educated employees, a team of ever-questioning IT professionals, and a collection of key partnerships, you’ll be on your way to better protecting your company’s proprietary information housed across your network. And in an ever-increasing globalized and knowledge based world, learning to proactively manage those risks will leave your company primed to take advantage of the 21st century opportunities that exist in the global marketplace.