An expert explains why spending more on cybersecurity isn't the best way to protect your business

Online sales peak during the holidays, with most transactions occurring on "Cyber Monday." REUTERS/Noah Berger
  • It's crucial for companies — from small businesses to massive corporations — to protect against cyberattacks, especially as e-commerce ramps up for the holidays.
  • Consumers expect small businesses to be as secure as big companies for online shopping and will abandon retailers if they believe their information is insecure, according to a new study from the Cyber Readiness Institute.
  • But the best way to protect against cyberattacks isn't to simply spend more money on cybersecurity, according to CRI managing director and former Obama adviser Kiersten Todt. 
  • Todt spoke to Business Insider about the biggest mistakes businesses make when it comes to cybersecurity.

More than a hundred billion dollars will change hands online in the coming months as e-commerce ramps up through the holiday season. For scammers and hackers, that means there will be more opportunities than ever for cyber attacks and online fraud.

Consumers are increasingly wary of online retailers that are susceptible to cyber attacks. Three quarters of US shoppers are less likely to spend money at large and small businesses that suffer breaches, according to a new report from the Cyber Readiness Institute.

The report found that consumers expect large and small businesses to have the same level of security. That perception may be well-founded, since businesses of all sizes face similar risks regardless of their cybersecurity budgets, according to Kiersten Todt, the managing director of CRI and a former adviser to President Barack Obama.

"Doubling your security budget doesn't double your security. It's not a one-for-one when you look at cybersecurity investment," Todt said. "What we focus on is investing in policies that don't actually involve investing money."

Todt told Business Insider about steps businesses can take to improve cybersecurity without spending more money, as well as red flags consumers should look out for when shopping online through the holidays.

The Cyber Readiness Institute study found that consumers make decisions about where to shop based on cybersecurity — 45% of respondents are less likely and 31% will never shop at a small business that was hacked and lost personal information.

Further, 55% of respondents said they stopped making an online purchase because of concerns around cybersecurity or privacy.

According to Todt, most consumers aren't well-educated about cybersecurity and only hear about breaches that make headlines or affect themselves or a friend. Nonetheless, shoppers make decisions based on this information.

To minimize the risk of cyber attacks, businesses should treat cybersecurity as a workplace culture issue, rather than an IT issue, according to Todt.

"For a long time we saw cybersecurity residing in the IT department. In this day and age, everyone is a member of the cyber workforce," Todt said. "As a company, every individual has an accountability and a responsibility for security."

According to Todt, 91 percent of all breaches at companies come from phishing, wherein hackers gain access to a system by posing as someone else and fraudulently gleaning someone's personal information or passwords.

The best way to prevent phishing breaches, according to Todt, is to "create a culture of privacy and security at your company."

Employers should encourage workers to change passwords regularly, avoid using USB drives that come from outside the company, and study the warning signs of phishing, according to Todt.

In addition, "'password' is a bit of a misnomer - what you should actually be using is a 'pass phrase' and make that pass phrase as long and difficult as possible," Todt said.

Todt also suggests that shoppers be aware of phishing during the holiday season, given that "it's very easy to track your shopping history and phishers will say, 'Oh, we saw that you purchased this item, please click here' ... always check the email addresses that these messages are coming from."
