Website security has become a pressing concern for many different entities, from governments to small businesses. In 2015, the Obama administration increased the FBI’s cybersecurity spending to $14 billion. For companies, the short- and long-term consequences of subpar website security can be severe, and they can affect the business in numerous ways.
If you are falling behind on security measures, rest assured your competitors aren’t
Large-scale cyberattacks that have global implications have been in the news constantly in the last few years. Even the most casual observers can now recite several major attacks that have occurred since 2013: Target was the victim of an attack that saw credit card and other personal information stolen from tens of millions of customers; JPMorgan Chase exposed the personal information of more than 80 million households and businesses; Sony Pictures suffered a hack that led to the release of numerous sensitive internal emails; and most recently the aforementioned DDoS attack on Dyn brought down many of the most highly-trafficked websites on the planet.
This, of course, is only a small sample of recent examples. One consequence of this string of high-profile cyberattacks is that consumers read about them almost constantly. Whereas even 10 years ago the average consumer might not have given a thought to how cybercrime could affect their lives, everyone now knows there is the possibility of danger simply by entering their email address in a web form.
Customers now expect that every company with a digital presence takes the security of their website seriously, and they will run faster than you can imagine if they have any reason to believe that your company is treating their personal information with casual disdain. Most customers don’t expect a website that is free of all vulnerabilities (such a thing doesn’t exist), but they do require that reasonable measures have been taken in their defense. If you aren’t satisfying this requirement for them, they will almost certainly be able to find a competitor who is.
The amount of digital data is increasing ad infinitum
The statistics that show how big data is coming to dominate the digital world are staggering: experts estimate that by 2020, approximately 1.7 megabytes of data per second will be produced for every person on Earth; the total amount of digital data in existence at that time is estimated to reach 44 zettabytes, which converts to 44 trillion gigabytes. For humans, trying to visualize how much data this will be is analogous to attempting to define infinity; we don’t really have an idea of what that means, we just know that it is a massive amount.
This exponential increase in data is a beacon to potential cybercriminals. Imagine that you are a cat burglar and there’s a massive house that you can break into, but the only prize contained within is a single pearl earring. That was the Internet in the mid-1990s; it probably wasn’t worth most people’s time to go searching through the data that existed to try and find a gem. Next, imagine that the same mansion is filled to the brim with diamonds and other precious jewelry, so much so that gems would pour out upon opening a door or window. Now you have an idea of what the modern Internet landscape looks like to cybercriminals, and if there’s nothing to stop them from opening the door they’ll take everything.
It’s hard to earn a customer’s trust; it’s even harder to rebuild it
All successful business leaders understand that getting a customer to trust you with their money and personal data is a crucial part of your growth strategy. They never take this fact lightly, and always respect that the customer is taking a risk by exposing themselves in order to digitally interact with their brand. Once a consumer has been given a reason why they shouldn’t trust your company, it’s exceedingly difficult to win them back and convince them that you have successfully addressed the underlying issues.
In 2015, Semafone, a UK-based company that specializes in fraud prevention, sponsored a study conducted by OnePoll which found that over 86% of respondents indicated that they were either “not at all likely” or “not very likely” to return to a company that was the victim of a serious credit card data breach. This suggests that such breaches have a tangible effect on the company’s reputation among individual consumers, which can have a massive impact on an organization’s performance. While the long-term share prices of most industry leaders who have suffered high-profile breaches (Target, Adobe, Home Depot, etc.) have not been adversely affected, there is less reliable data pointing to the financial effects on smaller organizations. Some experts have concluded that these large companies are particularly well-suited to endure fines and lawsuit settlement fees that often result from these incidents, while smaller organizations lack such a luxury.
Hackers are multiplying and becoming more sophisticated, and no company is immune
What has spurred the sudden increase in the number of hackers from all parts of the globe who are able to break into sophisticated systems and make it look easy? In a broad sense, the phenomenon can be traced to the confluence of three major trends. First, computing equipment, including mobile devices, is cheaper and more readily-available than ever. Many modern hackers can do more with a simple smartphone than the best hackers could accomplish with state-of-the-art technology 20 years ago. Next, the democratization of the Internet has made it possible for people to share techniques and information from across the world. When you combine these factors with the opportunity for technophiles in economically depressed areas to make money by exploiting vulnerabilities, you have a perfect storm of cybercrime.
This ideal environment has led to cyberattacks trickling down from the major companies like Target to the millions of small businesses that populate the U.S. economy. Of the worldwide cyberattacks committed in 2015, 43% of them were perpetrated against companies that employ 250 people or fewer. Business of all configurations and sizes, and across every industry imaginable, must understand that they are vulnerable to potential attacks, and that there is no substitute for thorough security measures.