Security can be a competitive differentiator

Technology has opened a security Pandora's Box

race finish
Credit: Thinkstock

Technology has always been an innovative means to leverage competitive advantage in the marketplace. Technology has essentially provided the next evolution of business, interconnecting global interests, and promoting commerce faster and more efficiently than had previously been achieved. 

As a result, companies have become more technology dependent as well as driven, fostering a need for the most advanced technology to support their business infrastructures. Technology has provided opportunity for smaller businesses to compete on the same playing field as larger competitors.

E-commerce has enabled companies to provide greater exposure to a more diverse and expansive customer base; it has provided a vehicle to quickly and easily purchase goods; and it has allowed companies to showcase the full repertoire of their offerings for sale. Those organizations that have been able to leverage technology effectively and maximize its benefits have been able to gain a competitive edge over its competitors.

As technology continues to provide that innovative edge, it also has introduced potential avenues that can be exploited by hostile actors seeking to take advantage of technology’s greatest weakness – the vulnerabilities inherent in the software and hardware. Cyber criminal and cyber espionage activities have demonstrated that hostile cyber actors intent on gaining unauthorized access and exploiting technology will invariably find ways to accomplish their objectives. 

The various tactics, techniques, and procedures employed by malfeasant individuals and groups have successfully compromised various technology platforms and operating systems. Point of sale systems, third-party networks, website injects, and watering hole attacks are just some of the proven viable vectors of attack that have exploited just about every industry in the public and private sectors.

Technology may have evolved our online experiences and enhanced the way we conduct the business in our personal and professional lives, but it has been a virtual Pandora’s Box that has released detrimental and far-reaching cyber consequences.

We are still in catch-up mode, trying to instill cyber security awareness into our existences. On the business side especially, breaches have become almost a routine occurrence, garnering less surprise both in terms of the compromised and the amount of records compromised. According to one news source, there were more than a billion records compromised in 2014 from approximately 1,500 incidents, a 78 percent increase from the year before. What this means is that despite current cyber security efforts, the bad guys continue to outpace the defenders with their ingenuity, persistence, and patience.

In an environment where companies have to compete on a global scale, providing efficient, easy-to-use technology for consumers is not enough anymore to differentiate themselves from their competitors. Technology is but one part of the equation; another part is having the best talent available to run the technology, as well as an experienced staff to address security concerns and be able to act proactively to emerging threats as well as respond quickly retroactive to specific incidents.

They have to have a robust cyber security strategy in place with robust features that includes incident response planning, breach remediation, and a communications strategy that provides transparency to both customers and the public writ large. Thus, we are seeing the next evolution in competitive advantage – the successful implementation and execution of cyber security actions.

Failure to implement proper cyber security mechanisms can impact businesses’ bottom lines due to lost consumer confidence and switching brands. Target saw its customer traffic drop considerably after its 2014 breach was publicized. These patrons likely turned to competitors for their shopping needs during this period. In some cases depending on the size of the company, it can even render them bankrupt. 

According to a 2014 source, 72% of businesses that suffer major data loss shut down within 24 months. Four such notable businesses that folded as a result of such cyber breaches are Code Spaces, Nirvanix, Mybizhomepage, and Impairment Resources,.  While these showcase incidents of data breaches, data loss occurs other ways as well highlighting not so aggressive cyber security failures. 

Negligence or lack of security due diligence can equally contribute to a poor cyber security posture. According to one article, 60 percent of small and midsize businesses did not back up stored data, a potentially detrimental shortcoming that would affect any disaster and recovery effort should the data need to be restored.

Those organizations that are able to demonstrate that they have cyber security strategies in place to include incident and contingency planning position themselves ahead of competitors that are in the process of developing them or have yet to develop them. 

As long as the cyber environment continues to favor the offensive and criminal actions of hostile actors, organizations must continually improve their cyber security to prove that they are resilient to the dynamic threat space. Those that do will easily distinguish themselves from the rest of the pack and draw the support of customers looking to be reassured that their interests are being protected. 

Given the millions of individuals that have already been provided identity theft protection for a limited time after breaches due to security failures, this will be a refreshing change and reinforce the fact that the organizations that are forward looking are the ones that will be the most attractive to patron.

This article is published as part of the IDG Contributor Network. Want to Join?

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.