In the year 2005, the world heard about the first major data breach, in which 1.4 million credit card numbers and names of DSW Shoe Warehouse accounts were compromised. This was followed by the first ever data breach affecting a college: George Mason University, where hackers exposed 32,000 student and staff names, pictures, and social security numbers.
The next big blow came when hackers exposed some 40 million credit card accounts of CardSystems Solutions.
Since then, cyber attackers and their methods have been growing rapidly; they are never at rest. Each time there is a new technology that benefits an organization and may help in achieving an exceptional ROI, a threat actor has already figured out a way to break into the technology and cause damage to the organization.
Today, organizations are leaving no stone unturned in improving their cyber-security posture. However, some major data breach myths may lead them to make improper decisions regarding security.
So, we have debunked five such common data breach myths.
Myth #1: Hackers target only major companies
Reality: Cybercriminals do not consider the size of the business. They will hack into any system that is profitable to them. In fact, 43 percent of cyber-attacks target small businesses, and 60% of small companies go out of business within six months of a cyber-attack. It costs SMBs more than $2.2 million a year!
Myth #2: Cybersecurity is the IT department’s responsibility
Reality: Cyber-crime is a business risk. It is not just the IT department’s job to make the organization cyber-threat resilient. Digitization in business is opening doors to cyber-attacks in multiple ways at every level. Say the IT department has done what it takes to improve the organization’s security. Even then, something as simple as an employee using the same weak password for multiple accounts is more than enough for an attacker to break into the system.
Myth #3: Your organization is completely cyber-secure
Reality: Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019! So, you may want to believe that, with your current security measures, your organization has never incurred a data breach and never will in the future. However, in this digital world, cyber-crimes are only growing; attackers are trying new ways to access essential systems. No organization is completely cyber secure.
Myth #4: Anti-virus and Firewalls are enough
Reality: Certainly not. Not even if they are up-to-date. Anti-virus and firewalls have been used as security measures for years now, and attackers can very well work their way around them with a technique called “Double-agent Attack.” Slava Bronfman, the CEO of Cybellum, said: “Hackers usually try to run away from AV and hide from it, but now instead of running away they can directly attack the AV. And once they control it, they don’t even need to uninstall it; they can just quietly keep it running.”
Myth #5: Cyber-crime causes only financial loss
Reality: Financial loss is a part, but not the only part, of the loss an organization faces due to cyber-crimes. For instance, in the Uber data breach, the company discovered that two hackers were able to get names, email addresses, and mobile phone numbers of 57 users and driver license numbers of 600,000 Uber drivers. It was only after a year that Uber made this breach public. Uber fired its CSO, and the breach is believed to have cost Uber dearly, both in terms of reputation and money.
So, now that we have cleared the most common myths of data breaches, let us tell you about the immediate measures that you can take.
#1 Create end-user security awareness
According to Forrester Research, 36% of data breaches come from ignorant or careless user actions. Therefore, it is important to educate the employees, managers, administrators, remote employees, and everyone else associated with the company about due diligence, security guidelines, and security best practices.
#2 Conduct regular audits
Every company, irrespective of the nature of its business, should conduct regular security audits. A security audit evaluates a company’s IT infrastructure against certain established standards and throws light on how secure the company is or what should be done to achieve optimal security.
For instance, SOC 2 is an auditing procedure that verifies whether service providers securely manage data to protect the interests of your organization and the privacy of your clients. So, when your organization is SOC 2 certified, you establish yourself as a trusted brand, and attackers will steer clear of your organization as they know it’s high on security.
#3 Track and use the latest security measures
Every time a major data breach makes it to the news, it creates a wave of awareness, and this has led the security community to try and release better security measures. It is always viable for an organization to adopt and adhere to the latest security best practices such as Passwordless Authentication, Continuous Authentication, Identity Analytics, etc.
#4 Deploy a comprehensive security suite
Given the scores of different cyber-crimes prevailing today, an IAM solution that is competent to provide overall, unbeatable security should be deployed.
An IAM solution like CI is architected to deliver not only Access Management but also Identity Governance and Administration, Privileged Access Management, business-to-consumer functions, endpoint-to-mobile management, personalized dashboards, high-powered analytics, and business intelligence.
Therefore, as businesses around the world embrace digitization, they realize that combating cyber-crimes and keeping their organization secure is a long battle. So, it becomes imperative to understand the realities of cyber-crimes and security best practices, and to implement them at the earliest.