Survey after survey reveals that more organizations fall victim to cyberattacks each year - and the attacks grow not just in number, but also in intensity.
It is true that an increasing number of companies are finally putting additional resources and money into protecting their data, and yet, despite this shift in attention, cyberattacks seem to continue to grow in terms of frequency and severity. So, why do these data breaches keep happening despite the increased investment to guard against them?
One of the biggest reasons is that there’s simply way more data out there to protect today. Every day, more and more of it is migrated online. Whether it’s someone activating a new online account or buying a new piece of technology that can be modified to their personal preferences, the amount of data that is available to be hacked is constantly growing.
Additionally, hackers are getting smarter and more sophisticated. Today’s cyber criminals have a wide variety of tools at their fingertips: some use viruses, malware, or bots, and others use more personalized phishing techniques to trick people into simply handing over their information.
When new protection technology debuts, it doesn’t take long for savvy hackers to crack the code to get in. Moreover, some hacker groups have even been backed by governments, giving them endless resources to work with.
Also, network security doesn’t prevent malicious inside jobs – or accidental exposure of information. A company can pour vast amounts of money and resources into information security technology, but that won’t ever mean they’re 100 percent immune to security incidents.
In fact, one of the biggest risk factors is one of the most difficult to ever truly prevent: insider maleficence. The University of Texas’ 2018 ITAP Report found that 38 percent of compromised data incidents involved insiders. These are people who were granted access to sensitive information and either abused their privilege or accidentally allowed outside access.
At the end of the day, no matter how extraordinary your company’s security is, you should assume that cyber criminals may still be able to get in. There are plenty of ways, and a determined attacker will likely be able to find one – whether by exploiting a third-party vulnerability, finding a weakness in external defenses, or using compromised credentials.
Now, more than ever, organizations should expect a data breach incident and take steps to put a robust program in place – one that not only proactively reduces cyber-attack risk, but helps mitigate issues stemming from a breach.
Make Cyber Security Part of Your Company Culture
Even if your organization has implemented the latest and greatest security technologies, compliance must crosscut the entire enterprise. Leaving this significant task just to IT, or another dedicated department, fails to address the larger issue: all staff are stakeholders in a company’s data protection, and therefore must be trained on security best practices and requirements on an ongoing basis.
A company that makes cyber security a top priority will reflect that in all aspects of their business – be it company policies, values, or attitudes. Essentially, it should simply be “the way you work.”
The most common (and easiest) way for hackers to access and steal sensitive information is through spear phishing: a form of phishing in which a hacker attempts to target one or more individuals using finely-tuned, personalized tactics to trick users into breaking security procedures.
Spear phishing is one of the most successful forms of phishing on the internet today: over 90% of all cyberattacks are successfully executed with information stolen from employees who unwittingly give away their system ID and access credentials to hackers. Informed employees will be less vulnerable to falling for such tactics.
Review the Data Your Company is Collecting from Customers, and Store Only What’s Absolutely Necessary
The more data-rich an organization’s environment is, the more likely it is to be a target of a cyberattack. Obviously, for some organizations the nature of the business requires collecting sensitive information. As such, these types of organizations should be at the forefront of information security.
If you’re a retailer, you’re automatically collecting consumers’ financial information, which is why retailers remain a top target for hackers. A good rule of thumb is: if you don’t need it, don’t collect it. Ultimately, you’re going to want to weigh the risks of owning that type of information against the benefit of having it.
Offer Identity Protection Services to Both Employees and Customers
Identity protection services can go a long way in terms of reducing cyberattack impact and even the likelihood of one hitting your organization. We typically see companies offer this service free for a year post-breach to impacted victims, which gives fraudsters a solid timeline to work with. They’ll know when the clock is up and your customers’ most sensitive information is no longer being monitored.
Offering employees comprehensive identity protection means they will, by default, become more educated and informed consumers and less vulnerable to identity theft. For employers, this translates into more-informed, digitally-safe, and cyber-conscious employees.
In a nutshell, companies with these kinds of employees are the ones who will also be less likely to fall victim to a cyberattack or security incident – a goal for any organization.
In today’s day and age, your customers already likely have information that’s been breached and is out there on the dark web. It’s only a matter of time until that manifests into larger issues for them, meaning today’s consumers should be extra vigilant about checking their financial accounts.
A comprehensive identity protection plan also helps to manage a lot of these things more easily (via credit and identity monitoring, online data protection tools, and alerts) thereby reducing their risks and, if they do become a victim of identity theft or fraud, mitigating any resulting damages as much as possible via 24/7 resolution support.