 |
| Photo by cottonbro |
Data breaches of today are as common as opening a computer. It’s not anymore about the question of whether your network will be breached; rather the only question is WHEN?
As reported below, Thales’ Breach
Level Index, shows how breaches are becoming more of a menace as days go by.
A) There were 918 reported
data breaches and almost 1.9 billion compromised data records
worldwide in the first half of 2017.
B) A Lack of Consumer Trust Across
Industries
 |
| Source: Thales |
C) Distinct Differences in the Level of Trust Based on Location, Culture or Regulation
 |
| Source: Thales |
D) Global consumers are feeling the impact of data breaches
 |
| Source: Thales |
See the full
infographic here.
Breaches are wildly variable -
no longer a binary hypothesis in which an organization either has or has not
been breached, instead possessing a different level of fallout breaches
compromising whole global networks of particularly delicate data to others and
with little to no impact to others whatsoever. With the speed of businesses
growing by the day, supplemented by new technologies continuously being
deployed, and sophisticated new attacks regularly being launched creating
untold havoc to a network, it is just a matter of time before a business will
be attacked.
Thales reported that 54%
of consumers believe that companies should be forced into mandatory data
protection controls like encryption and two-factor authentication following a
data breach. Organizations have experienced a breach or two promptings them to
increase security budget allocations in trying to safeguard data from cyber
criminals. Breach readiness to achieve security policy is now incorporated into
the security strategy more than ever. Before organizations considered acquiring
security prevention as ‘just enough for their business’, they are now giving a
hard look at it. Although it is indeed within IT's authority to protect data,
it is the business that owns the data that is greatly affected by security
breaches. Working with businesses to determine the most critical assets of the
business requires the utmost degree of security protection is the overriding
piece in achieving security. According to Cypfer, “The financial, social, and
organizational effect a breach incident has on the organization will largely be
based on the established plan the organization has in place as well as your
current preventive security measures.”
According to Compliance Point,
“A Breach Readiness Review (BRR) helps an organization
prepare for, respond to, and mitigate the impact of cyber-attacks by identifying
gaps in the existing incident response program and providing recommendations
that positively impact your team’s ability to react to threats – maximizing
your organization's resilience to a destructive cyber incident.”
The present-day highly sophisticated
cyber-attacks using top-of-the-line malware programs and innovative Advanced Persistent Threats (APT) perforate any
defenses possible and spread horizontally using file shares and content stored
within the system. This would empower malware to gain a long-term foothold
within the system that will spread to multiple processes, operations, and
applications, even those that are offline. A good deal of corporate data
continues to be defenseless and impotent to most advanced, content-based
malware mainly since traditional defenses are mostly inadequate to resist these
attacks which oftentimes infiltrate the systems using legitimate channels.
Cybercriminals always leverage the vulnerability of these defenses to spread
malware into the system’s file shares and embed its malicious code into comprehensive
data repositories. This results in relentless threat attacks even after
correcting and rectifying it. There should be an implemented automatic system
and endpoint protective security measures to rein in advanced threats. It is
always effective to detect and block sophisticated threats with new detection
methods and not rely too much on signatures.
Oftentimes sophisticated threat
security protection systems merely identify the existence of a sophisticated
threat and issue alert that can be easily disregarded by any IT Manager.
Reportedly an error such as this costs millions of dollars in damages. In the
absence of a system to react to security breaches necessarily, effectively, and
swiftly, an organization is leaving a window wide open to cyber criminals to
surreptitiously steal data or worse spread around the system to exfiltrate more
valuable data. Organization’s breach readiness to achieve security strategy
policies should come from top to bottom. Top-level management should
demonstrate that businesses and customers' data compliance policies are not
just about fulfilling the required minimum standard to pass audit but, rather
it is actually about protecting it.
Remember the adage, if ain’t
broke, don’t fix it, will apply similarly to the saying, if data doesn’t exist,
it can’t be stolen. The life cycle of data should end with every effective
measure of archiving and destroying data that is no longer needed.
_______________________________________________________________________________
References:
1.
Breach
Level Index | Total Records, Data Breaches Incidents and
Data Breach Records by Industry
2.
Forescout
| Advanced Threat Prevention
This site is reader-supported. Hence, it may earn
a small commission from affiliated partners for qualifying purchases should you
choose to buy through our links.