Published on April 12th, 2022 📆 | 1992 Views ⚑
0Why Do They Fail to Enhance Their Security?
The world has a positive perception of security-aware individuals and tech companies. Thatâs why we often assume that theyâre the entities most at risk, but this is a misconception. In fact, cybersecurity is more of a problem with public companies in particular, and thatâs the case for many reasons.
Generally, public companies perform worse than many individuals who have lower budgets. Why? Take a look at these 4 reasons:Â
- Inert management/lack of oversight
- Outdated equipment
- Greater targeting
- Insufficient awareness
Public company management and workforce arenât focused on cybersecurity as a possible point of loss. That means these attacks are more likely to happen to public companies, and more likely to succeed.
Additionally, while public companies have arguably engorged budgets overall, they would need to project for any expenses in regards to cybersecurity. That often includes larger amortization costs. The owner of the company (the public) is also less likely to accept these costs.
Here, weâll divide the issues into technical and human, and see where is cybersecurity a problem with public companies..
Is Technical Cybersecurity a Problem with Public Companies?
Yes, it is. Public companies may employ senior security experts that are aware of all the issues, but these experts have diminished resources. They also usually cover way more ground than their private counterparts.
In 2018, public companies endured more than 67 attacks, according to analysis from the Center for Strategic & International Studies. Each attack made a loss greater than $1 million, and shows a steep rise in both frequency and cost.
While none of the biggest security breaches in 2021 were of (entirely) public companies, many smaller attacks were.
In 2021, the number of these attacks jumped to 188. The most prevalent issue? Unauthorized access. Even though human errors enabled and finalized most attacks, many of them were still due to the technical solutions.
Sometimes, the solutions were outdated. Other times, the system had a bad setup in the first place. A good example is the case of the Singapore Hospital breach in 2018. In that story, many people had access to information, even those who shouldâve never had it in the first place.Â
Letâs go over some reasons why cybersecurity is an issue for public companies.
Low-Hierarchy Networks
In any network, data access hierarchies should be a major concern. It doesnât matter if itâs a collection of individuals, a small business, or a public company. Data segmentation is necessary, and any cybersecurity expert will advise that each employee should only have access to information necessary for their work.
For public companies, that isnât always the case. In many instances, all of the devices on one server have access to all the data on that server. Even worse, the companies donât impose any significant restrictions. That makes each device on the network a possible point of impact (POI), and in turn, a risk.
In such cases, one unsecured wireless device, a small software exploit, and a disgruntled employee can risk your whole system.
Outdated Hardware and Software
Regular updates are a cornerstone of cybersecurity. While companies canât always update the moment the new stable version is out, they should still manage their updates at least monthly. In the online world, even a few hours can make a difference between being secure and being a victim.
Contrary to that rule, public companies often work on an administrative schedule, updating their software quarterly in the best case. Yet, many also update annually, which is even worse. When it comes to hardware, the situation is even worse. Most of their equipment is older than five years.
Such old hardware and software usually have already established exploits. Cybercriminals already know the ways to hack them, making the number of attackers that can harm significantly larger.
Still, most issues are due to human error.
Human Error Is Common
The easiest way to hack any company is to hack customer support. Acting out a sob story is less demanding than finding a software exploit. Cybercriminals can also exploit the human element in many other ways!
These issues arenât unexpected given the increasing workload for these outreaching positions. Thatâs why, we canât place the full blame on the employees. Yet, we canât deny that the problems they cause also have repercussions.
Public companies often connect emails and platforms to their main server. This way, a simple phishing attack on someone who opens dozens of emails each day can spell disaster for the entire company.
Inert Management
The cybersecurity landscape changes constantly. Given the surge in AI, IoT, and cyber warfare, all entities need to stay vigilant, public or private.
Regretfully, negative selection riddles public company management. In fact, many managers receive promotions because of their good relations with high-ranking individuals, not their expertise. . A managerâs cybersecurity knowledge comes after their friendship with the municipality, state, or county.Â
The managers also need to explain to the public that the cost of cybersecurity is on the rise, so they simply decide not to make the expense and hope for the best.
Limited Expertise
Public companies rarely consider cybersecurity as a cornerstone for operations. Thatâs why they often lack recruitment for cybersecurity positions. In turn, that makes the companies more vulnerable to attacks.
In most cases, the system administrator only has to keep the network running. This doesnât leave openings for a good cybersecurity strategy and its implementation. We also donât hear about any exceptions, because they arenât under attack.
Finally, most senior cybersecurity advisors will also stay clear of public companies because they have this perception. As a result, public companies lack the expertise to be proactive about the newest threats. They also canât react if a new issue arises.
The Final Word
Between 2016 and 2021, the number of successful cyber-attacks on public companies has increased by over 400%. Right now, itâs also costing municipalities, states, and the Federal Government over $200M each year on average.
These cyberattacks happen for human and systemic reasons, but the implementation of proposed solutions isnât near. Thatâs why, individuals and companies need to be mindful of the data they share with public companies.
Ideally, you should consider any and all data sharing as a liability. You should also only share the information completely necessary for everything to function.
Get The Latest Cybersecurity News
Resources
TechGenix: Boost Your Cybersecurity
Find out why allowlisting is great for your companyâs cybersecurity here.
TechGenix: Human Threats to Cybersecurity
Read about the human elements that may create cybersecurity risks here.
TechGenix: Cybersecurity and Vendors
Discover why you need to include your vendors in your cybersecurity strategy here.
TechGenix: Prioritizing Cybersecurity
Learn how to make cybersecurity a priority here.
TechGenix: Creating an Impressive Cybersecurity Resume
Read our tips on how to create an outstanding cybersecurity resume.
Gloss