Cutting-edge threats are developed to closely resemble legitimate applications, websites, and emails
No business or organization, no matter its size, can fully withstand targeted data breaches. To some this may seem like mere perception, because the general public is familiar only with publicly disclosed breaches, but the problem is much worse than what is reported. As per Verizon’s 2022 report, phishing was the cause of nearly 36% of all data breaches. Per the FBI’s Internet Crime Complaint Center (IC3), more than 800,900 reports of phishing were received in 2022, with losses exceeding $10.3 billion.
Photo Source: Sprinto
“The global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years.”
IBM, Cost of a Data Breach Report 2023
Realistically, organizations can no longer focus only on preventing threats at the endpoint. They must also be able to identify hostile threats as they enter the system, and to detect and respond to threats that have already breached security. Hence, data security is no longer just about securing the system against attacks; it is now about building cyber flexibility to mitigate business impact in the event of a breach. In its 2024 Cybersecurity Trends, Obstacles and Opportunities report, Infosecurity Europe found that nearly 40% of those surveyed said these issues are the driving force behind increased investment in cyber defenses. The Infosecurity Europe 2024 Survey Findings showed that 75% of security professionals have seen the workforce display risky security behaviors at work. The types of risky behaviors included using entertainment or streaming services (33%), sharing personal information (14%), and using gaming or gambling websites at work (10%). However, a notable shift is coming into view: from a prevention-only security strategy to one that balances prevention with detection, response, and recovery.
Current incidents suggest that it takes organizations an extremely long time to identify breaches. But how long is long enough when organizations do not even know they’ve been breached in the first place? A multitude of organizations lack the resources to monitor, and most of them do not have working action plans to counter or even detect breach incidents. If the organization does not know it’s been breached, how can it suitably respond?
IT security professionals face many complex, often conflicting risks and priorities. As businesses become increasingly linked and more cooperative, with expanded perimeters, and adopt new practices and technologies, it is paramount that IT professionals better understand which sensitive data assets to defend, so that this understanding can drive decision-making and risk tolerance. With this in mind, IT security professionals can work on developing intelligent and intuitive security programs that are aligned with the organization’s individual business priorities and risk profile. Given the likelihood of disastrous consequences for an organization in the event of a data breach, its capability to respond to and recover from an attack swiftly and efficiently is critical in building cyber resilience and a sound security master plan. Respondents to the Infosecurity Europe Industry Survey 2015 disclosed that in the event of a security incident, the biggest priority is to mitigate the impact on its customers.
Whatever the truth may be, each information breach underlines once more the notion that no organization, whatever its kind or type and however great and successful it is, is immune to cyber-attacks. Allowing the organization to keep functioning is foremost in an intelligent security strategy.
References:
- Infosecurity Europe Blog | Intelligent Security: Protect. Detect. Respond. Recover.
- Symantec | Advanced Threat Protection: Network
- Breach Level Index | Categorizing Data Breach Severity with a Breach Level Index