When it comes to the security of your company’s data, you might not be concerned with a typical Hollywood scenario of terrorists hacking to cripple governments or corporations. You may or may not have seen Mr. Robot, or Live Free or Die Hard, or even the movie Hackers. Even if the typical Hollywood hacking plot doesn’t scare you, there are many types of network security breaches, with real-world implications, that should at least have you asking questions about your own IT security.
The security concern that might seem more relevant to you is the attack on Target in 2013 when the private and sensitive information of thousands of customers was compromised. These types of scenarios happen on a much smaller scale every day to businesses like Target, and businesses just like yours.
Whether you already have a security plan in place for your company’s infrastructure or know you need to get protected, here are some facts that you should know about everyday data breaches, how they affect you, and how to consider and mitigate your risk.
1. Incident vs. Breach
Security can be taken advantage of on many levels; however, there is a difference between a security incident and a security breach. While an incident would expose the possibility that someone has seen your data, the person may not have accessed the information purposely, or even realized it. The intent in a security incident is not malicious; in a breach of security, it is.
A breach involves the possibility that your sensitive and protected data has been viewed and/or stolen by a person who does not mean well and intends to benefit from your loss. Suspicion or confirmation of a breach should always be reported to management in order to aid research into the issue, mitigate damages, and support future prevention.
Essentially, the difference between an incident and breach is exposure vs. disclosure.
2. Who is targeted?
No one is 100% safe against cyber-attacks. According to Verizon’s 2016 Data Breach Investigations Report (DBIR), 82 countries are affected by breaches annually.
The most affected population is the general public; however, hospitality and retail companies report more breaches than incidents, which should give us all cause for concern about the security of our software and systems. With this, the primary motive appears to be financial.
According to the DBIR, a breach committed from within your business by an employee or contractor is unlikely. External perpetrators are usually the culprits, so although we recommend vigilance, you don’t really need to focus too much on your co-workers and employees.
3. What do they want?
Financial and espionage motives are the most common reasons for a cyber intrusion. Espionage refers to spying in order to obtain information.
As in the Target attack, money and other financial information are usually what the attacker is after. The most common other reasons are personal: ideology, personal vendetta (former employee), and other petty motives.
4. How is security compromised?
Fishing is something you do on a calm and warm summer morning when you’re retired or on holiday. Phishing, on the other hand, is a tactic used by a cybercriminal to achieve the mission of accessing your data.
With hacking in first place and malware use in second, your data is most often compromised through harmful email scams and other click-worthy, or not so click-worthy, items you may receive.
These attackers most often exploit weak passwords or install malware through your generous invitation: you simply click on a link or attachment in an email, such as a fake past-due invoice notice.
5. What makes you a target?
You might be feeling vulnerable with all of this cyber-attack, security compromise talk, or you may think “why would they bother with me?” There are some things that may make you more susceptible that you can identify.
For instance, certain programs you often utilize are more easily preyed upon than others. Unfortunately, data shows that Adobe and Microsoft programs and publications are common targets and quick to be exploited. Is your company doing everything it can to stay on top of updates and security patches for these types of programs as well as your operating systems?
You may have a budget that prevents you from obtaining the tools to look out for these issues or resolve them when they come along. Having weak or default passwords makes you especially vulnerable as well; in fact, 63% of breaches involve these basic faulty standards of security. The majority of these issues stem from a weak security policy, or the complete lack of one, for all systems, software, and personnel.
6. The threat grows, as does the prevention.
There are new threats evolving every day and new vulnerabilities that make it easier for you to fall victim to them. With the sophistication of technology and the people who take advantage of it, the urgency to find solutions is growing. Outdated security programs and lack of knowledge on the matter are primary factors that contribute to your risk. In 2015, the number of published compromises rose; however, so did the number of patches.
The median amount of time it takes for a published vulnerability to be illegally accessed is 30 days. It happens quickly, and slickly, which means your business needs constant protection and regular updates.
7. Avoiding attacks
Ways to prevent these situations can vary by the type of organization; however, a few things are universal and can be simple to do:
- Reporting breaches that harm or compromise your data is important in order to keep track of and potentially find a pattern in the attacks. We would not have the data we just presented you if it weren’t for data being reported.
- Filtering emails may seem like a simple fix, but the truth is, it can save you a few errant clicks and a few opportunities for intrusion.
- Awareness training for your employees is something that will definitely benefit your company. The better you understand the threats, the more you can do to prevent an attack.
- Monitoring suspicious contacts. If you feel like a recent connection is a little fishy, it doesn’t hurt to be proactive and keep an eye out for potential harm. Taking simple actions to stay on the defensive never hurt anyone, and can help you stay a little safer.
8. Solutions to your Security
Solutions to help you could include security alerts, intrusion detection and prevention, management of valuable assets, and even knowing some solution alternatives.
If you don’t have these tools now, know that there are solutions to the real-world actions that threaten your company, and that they don’t have to break the bank.
9. There are ways to boost your security
As a Managed Security Service Provider, our job is to inform our clients of threats and teach them how to avoid many undesirable scenarios. Managing security is also our job, and if you’re feeling like your security plan needs a Band-Aid or a boost, we recommend reaching out to us so that we can identify solutions that fit your business’s needs.
While this is a broad picture we’re painting about what we know about security and real-world breaches, you can learn more about cyber security by contacting us today for a free technology assessment.