Security Benchmark: Is Your Association Really Secure?
2017 promises to be an important year for the association sector. According to Abila, this year will see a number of changes for association technology solutions, including greater integration between existing software and platforms, and the rise of the Chief Learning Officer (CLO) position to encourage on-demand, online, and mobile education options.
However, 2017 is also a year of unprecedented cybersecurity challenges for associations. 2016 saw a worrying growth in the frequency and intensity of cyber attacks and breaches, including the October 2016 Dyn cyber attack that was the largest distributed denial of service (DDoS) attack in history. The recent spate of cyber attacks shows no sign of abating. What cybersecurity challenges does your organization face, and how can you best address them?
Security Challenges for Associations
Like many organizations, associations are susceptible to a number of cyber attacks. These attacks could mean serious disruptions and consequences for your operations. Some of the attacks that are most significant for associations include:
- Data breaches. Even major companies and organizations like the Internal Revenue Service, LinkedIn, and Yahoo were susceptible to data breaches in 2016. If intruders manage to infiltrate your network, they might be able to access sensitive or private information about your employees or members, including Social Security numbers and credit card information.
- DDoS attacks. Distributed denial of service (DDoS) attacks are intended to prevent legitimate users from accessing a website or service by flooding it with malicious traffic. In cases such as the Dyn attack in October, users might be locked out for hours at a time, causing the affected companies to lose massive amounts of revenue and consumer trust.
- Ransomware. This is a particularly malicious form of malware that puts a computer or network on lockdown and prevents users from accessing it until a ransom is paid to the attacker. According to a June 2016 survey, nearly 50 percent of respondents had been affected by a ransomware attack at their organization in the last year. In addition, users paid ransomware attackers more than $200 million in the first quarter of 2016 alone.
The Importance of Cybersecurity for Organizations
For people who do not work in IT, the problem of cybersecurity is usually considered to be “out of sight, out of mind.” When everything seems to be working right and systems have not been compromised, executives and managers have no incentive to upgrade their security solutions or change their course—after all, why mess with a good thing? Often, it is only after a breach or attack that people start to wonder where they went wrong and what could have done to prevent it.
However, as the threat continues to evolve, it is increasingly important for organizations to become proactive, rather than reactive, when it comes to managing network security and solutions. The Center for Strategic and International Studies estimates that cyber crime is responsible for world economy damages of more than $400 billion each year. In another survey of executives and security experts, 79 percent of respondents said they had detected a security incident at their company in the past 12 months. Despite these major risks, many companies remain woefully unready in the face of cybersecurity threats. A 2016 survey of more than 1,500 executives from the U.S., Europe, and Japan showed that more than 90 percent of respondents did not know how to read a cybersecurity report and felt unprepared to handle a major cyber attack.
Even those who understand the risks of cyber attacks for their business often have a difficult time judging the effectiveness of a security strategy. It is easy to estimate how much cybersecurity is costing your business in terms of IT staff, firewalls, and lost time and productivity for extra security controls. However, it is much more difficult to estimate how much value your cybersecurity efforts are creating—how many attacks and breaches you have prevented, and what the costs of those attacks would have been to your business.
Rather than focusing on the nebulous value of cybersecurity for your organization, you should treat cybersecurity as something that your business just has to do. Think of cybersecurity as akin to the things you should do regularly to remain healthy. Security is an essential part of your overall organizational health and wellness.
Final Thoughts
While tackling cybersecurity may be an intimidating endeavor for many organizations without much experience in the field, it is an important step in ensuring the success of your organization. In the end, the benefits of protecting yourself against cyber attacks are almost certainly worth the expenditures.
You do not need to purchase the latest and greatest security solution or hire network security geniuses when taking steps to protect yourself. A whole range of cybersecurity solutions are available to suit your organization’s needs and budget, from firewalls and DDoS protection, to a third-party managed security service provider (MSSP).
If you are interested in learning more about cybersecurity solutions that are right for your business, speak with a representative who can help you understand your situation and the options available to you today.