How much is your company worth?
If you are a CEO who is looking to sell your company, you normally focus on revenue, income and EBITDA (earnings before interest, taxes, depreciation, and amortization) to derive your asking price. That is beginning to change now. Bloomberg recently wrote that major banks are hiring hackers to vet potential merger and acquisition deals (https://www.bloomberg.com/news/articles/2017-06-26/bankers-are-hiring-security-experts-to-help-get-deals-done).
As they mentioned, this is primarily for larger deals and is not very common at the moment. I think many experts will agree that this is only just beginning. If you are a company that supplies goods or services to a large company, they are already, or soon will be, asking you to do more cyber security testing and reviews. If you get hacked and it affects their business, then it only makes sense that they will require you to be more secure.
If you are selling your company, this is even more important. How much is your intellectual property worth if you have already been hacked and it is out on the Internet? What about potentially upset clients who don’t know their data was lost a few months before the merger? Bloomberg wrote that a major vulnerability could affect a buyer’s final decision to purchase a company.
If you combine this with the mantra many security experts repeat, “it is not if you get hacked, it is when you get hacked”, things start to look a little bleak. The truth is, there is a big difference between a minor hack and a major data breach. One is a small blip on the radar, while the other is a full-scale PR nightmare. By defending against the former, you have a fighting chance of protecting yourself against the latter.
As every business knows, there is a budget for everything. You need a cybersecurity budget, and you need to spend it wisely. That means not spending it all on a big blinky device that the manufacturer says will protect you from everything. That device does not exist. You need to practice defense in depth: not only a firewall, but also an IPS/IDS (intrusion prevention/intrusion detection) system, security awareness training, antivirus, SIEM, etc. Multiple layers of protection will help you detect and ultimately block an attacker who tries to steal your data. There will always be attackers who try to get into your system, but by making yourself a more difficult target, most hackers will move on to greener pastures. This will help your company become the one that looks better to investors, future clients, or a future buyer.