The Importance of Cyber Hygiene for Businesses
By Rigo Van den Broeck, Executive Vice President, Cyber Security Product Innovation at Mastercard
Cybercrime is set to cost $10.3 trillion worldwide by 2025, and it’s growing fast. It’s a multi-pronged, mutating threat that excels at evading detection. Left unchecked, it can pose major systemic risks to critical infrastructure. For example, and rather alarmingly, ransomware accounted for 54% of cybersecurity threats in the European health sector between 2021 and 2023.
Wherever your organization sits in the global cyber ecosystem, the customers and partners in your orbit depend on you having good cyber habits to stay ahead of threats and fix network vulnerabilities that could cripple an IT network, as well as the third parties it does business with.
Think of it like driving a car. Every driver understands the importance of maintaining their vehicle: keeping it in good condition, checking the tyres, putting in the right fuel, keeping it safe, and keeping it insured. Your business’s cybersecurity is exactly the same – and we call this ‘cyber hygiene.’
Just as a driver maintains their vehicle, businesses need to maintain their cybersecurity. But the sad fact is that too many organizations are still failing to practice good cyber hygiene and leaving their networks wide open to attacks. Without good cyber hygiene, businesses are risking not just financial damage, but reputations that could be left in tatters: 10% of consumers will stop buying from a company if it suffers a data breach. It takes significant time and considerable effort to build trust with customers, and just one incident is enough to break it instantly or make it incredibly hard to rebuild.
So, where are the blind spots that can make organizations vulnerable? And how can they ensure they are keeping themselves safe, and that the third parties and suppliers they engage with are protecting themselves too?
There’s no room for complacency in cyberspace
Cybersecurity is much more than just having a strong password, or a firewall. A common misconception about cybersecurity is that it’s only relevant to businesses in the cyber space or those that handle sensitive data. Organizations might think they’re protected. But who can confidently say the same for the third parties they deal with…and even the third parties they then deal with? Returning to our car, think of your organization like the vehicle entering a series of roundabouts.
Traffic can be flowing smoothly, until somewhere in the road network a crash happens, and the road is closed. The ripple effect from that causes disruption to the roads around it, including the one you are currently on. All of a sudden, and through no fault of your own, you are brought to a halt and unable to continue. Why? Because the network is interconnected. It’s the same for your digital networks. Today we are all digitally connected, and we all face cyber risks that ripple outward to threaten your security, and those of your third parties and suppliers.
A high-profile example of this was a recent hack into a third-party vendor that caused multi-day outages to their client’s internal systems. The result? Financial losses estimated at nearly $9 million per day, a significant drop in the company’s stock price, and a loss of the one vital commodity no business can buy: trust.
Keeping that trust will get harder as cyber threats evolve. It would be foolish for any organization to claim they have 100% security. A network system that seemed ‘healthy’ five years ago, or even one year ago, may now be at risk from new threats. While it’s not possible to avoid threats completely, organizations can take steps to mitigate the risk, and that starts with instilling good cyber hygiene habits. We’ve found that companies with good, ongoing cyber hygiene habits are breached much less frequently. In fact, businesses that deploy threat detection and response measures report breach event rates that are nine times lower than for companies whose hygiene rating is very bad.
Take a closer look: one global Fortune 50 company realized that as its vendor portfolio grew, so did its potential attack surface. With detailed cyber risk assessments, the company gained a tenfold increase in risk visibility, making it much more difficult to compromise. That’s a great example of how continuously recalibrating cyber hygiene practices can help businesses increase their resilience.
The key steps to improve your cyber hygiene
Earlier I likened good cyber hygiene to a driver maintaining their vehicle – checking the tyres, changing the oil, and so on. But even the best-maintained vehicles can be broken into, or involved in a collision. This is where insurance comes in, to protect your vehicle against the unexpected, and get you back on the road.
As vendor networks grow in size and become more interlinked, good cyber hygiene habits can act as insurance in cyberspace. But as we know how quickly cyber threats can evolve, more businesses are becoming aware that they don’t have to do it all by themselves. Automated risk assessments, continuous monitoring and the ability to pinpoint high-risk vendors can help businesses gain visibility on the blind spots that leave them exposed to danger – and act fast to avoid attacks.
This is how we help organizations today. Trust is our business and with the increased investment in innovative technologies, combined with the fact we monitor 19 million entities across all industries, businesses can now gain enhanced understanding of the risks facing them, zoom in on suspicious network traffic spikes, and move fast to erect robust safeguards against DDoS and web application attacks.
Prepare for today – and be primed for tomorrow
In today’s interconnected cyber world, no business is immune from risk, no matter how well protected it is. With the wealth of data that we gather globally, we’re seeing more evidence of more geopolitical motivations and more systemic attacks.
To protect the trust that your business depends on, you need to identify the threats you face today, and anticipate the ones you might face tomorrow. We’ve shown that those businesses which maintain good cyber hygiene habits and widen their visibility over their networks, and those of their partners, will be fitter, stronger and more prepared to withstand future threats. This enables them to build a stronger global digital ecosystem, building trust with customers and consumers.
About Mastercard (NYSE: MA)
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all.
About the Author
Rigo Van den Broeck leads Cyber Security Product Innovation as part of Mastercard’s Cyber Intelligence organization. He is responsible for managing the cyber products globally, including oversight over RiskRecon, a Mastercard company, and Safety Net. He leads the development of new solutions and programs that provide our stakeholders with insights to mitigate cyber-attacks.
Rigo has an extensive background in fraud and security, specifically in Europe, where he was previously responsible for Mastercard’s safety and security product strategy, developing go-to-market approaches, and spearheading product initiatives in areas such as fraud decisioning, complaint management and authentication (i.e. PSD2 compliance & EMV 3DS). He is also instrumental in key acquisitions and joint ventures.
Prior to Mastercard, Rigo held positions at KBC Bank with responsibilities across Europe.
Rigo holds a Master’s in Applied Economics, with a major in marketing, as well as degrees in Psychology and Education from Catholic University of Leuven.