According to Bryan Sartin, Executive Director of the RISK Team at Verizon Enterprise Solutions:
“data breaches are growing in complexity and sophistication, [and] in working with victim organizations, we find that breaches touch every part of an organization up to and including its board of directors.”
With security breaches becoming more and more common:
“companies need to be prepared to handle data breaches before they actually happen in order to recover as quickly as possible. Otherwise, breaches can lead to enterprise-wide damage that can have devastating and long-lasting consequences such as a loss of customer confidence or a drop in stock price.”
While information security is becoming more complex, cyber attacks are unfortunately becoming more common. There are several reasons for this, including poorly secured databases that connect directly to the internet. Companies often store customer financial data behind outdated and weak default security configurations. In the last few years, a number of security breaches have centered on one type of deployment: open-source NoSQL databases. Interestingly, in the last year, just under three quarters (73 percent) of all security breaches were financially driven.
However, the majority of security breaches could have been prevented with basic security hygiene. According to the Verizon DBIR, “system administrators need to update server software, including operating systems, web applications and plugins.” Essentially, it is sloppiness that causes most breaches, which means that these breaches can and should be avoided. Stolen credentials, keyloggers, data-stealing malware, malware communicating with command-and-control servers, and backdoor malware are the top five threats to companies, with data breaches affecting millions of users at a time.
It is for that reason that it is now more essential than ever to stop, or at least reduce the likelihood of, these attacks. With so much information stored online in the cloud, access is easy if security hygiene is lacking. However, security training during onboarding cannot be solely relied on for your company’s information security, as human error can lead to sloppiness and have a devastating impact on a company’s credibility. Whether malicious or not, insider threats are becoming more and more common, which is where software such as activity monitoring and behavior analytics comes into the picture to help reduce that risk. Coupled with two-factor authentication, these tools immediately reduce the risk of a breach.
The confidential data of millions is stored online and at risk of being leaked simply due to substandard security measures and sloppy actions by employees. There are a number of ways to improve your company’s information security, including the previously mentioned analytics and two-factor authentication. However, aside from the obvious risks associated with cyber attacks, the reason why we need to work harder to stop them is seldom discussed.
Hackers will always be there, adapting to the latest and most complex technology and software, and unless you hire no employees, insider threats will always be there too. Companies can come under attack for a plethora of different reasons. However, with 73 percent of breaches being financially driven, one can assume that hackers work for their own, or their group’s, financial gain, gaining access to the financial information of millions of individuals who have trustingly used online services.
Aside from the huge dent to the reputation of a company that has suffered a cyber attack, companies also run the risk of:
“commercial losses and public relation problems, disruption of operations and the possibility of extortion… negligence claims, inability to meet contractual obligations”.
With so much on the line for both businesses and customers, there really is no question that cyber attacks and security breaches need to be stopped.
Nearly three quarters of cyber attacks and security breaches go unreported, and a number of hackers are not caught or even identified. Many companies do not step forward with information on their losses, which only leaves hackers thinking they can get away with it. The longer that companies, enterprises and businesses go on without strengthening their security, regulating response protocols and hiring a skilled IT security team, the more threats will continue to occur.
Stopping attacks on information security and putting an end to these breaches is no easy feat, and is most definitely an ongoing process. But it is fundamental if companies want a loyal customer base that trusts their services.
Originally published at itsecuritycentral.teramind.co on July 12, 2017.