Typically when you hear about a data breach on the news or on the Internet, the most common response is “That couldn’t happen to us.”
That’s the sort of opinion that is already outdated and getting less true all the time in the world of digital technology and online businesses. Data breaches are not just a threat; new data reveals they have hit 57% of all businesses in the last three years. Some might be accidental, some might be an internal malfunction or insider hack job, but a ton of them are performed by real criminals using real tools to blast their way through limited or non-functioning security to expose data from companies, largely for the purpose of selling it on the Dark Web.
Add to that 24% that have been hit in the first six months of 2019 and you realize it’s not a trend, it’s an epidemic.
Blind Leading the Blind
The irony of those two numbers above is that they are identical to statistics about how companies are viewing their own cybersecurity. According to a poll of some 6,000 information security professionals around the globe, 81% of them think their IT security is either very good (57%) or good (24%). The bitter irony is that those are the exact same numbers as the companies suffering data breaches. As is so often the case, the left hand does not know what the right hand is doing when it comes to IT security. It is in these types of circumstances that criminals and hackers thrive.
If 81% of IT personnel think a good job is being done, how can there possibly be so many data leaks? Internal communication failure is a big part of this. IT staff might brief every new hire on how to maintain proper security, but if there are no follow-ups, reminders, and refresher-type training, those early lessons are going to get forgotten quickly. Imagine a new hire at a firm getting security training from IT, but also getting new information on everything from where to park to how to use a key entry system to the actual parameters of their job, etc. Information like changing your password every 90 days and not opening any email that is not from another employee will be quickly forgotten.
It is the job of the Chief Technology Officer (CTO) and the Chief Information Officer (CIO) to set up a culture where data is treated like gold and breaches like a bank robbery. Employees who share credentials, refuse to change passwords, or lose company equipment should be reprimanded.
The biggest threats to companies in 2019, based on the same poll, include phishing (36%), trojans (29%), ransomware (28%), legal/compliance risks (28%), unpatched software (24%), DDoS attacks (24%), and social media threats (22%). A really astute antimalware software package can greatly assist companies in neutralizing most, but not all, of these threats. The remainder must be dealt with by humans, not machines, who are dedicated to keeping intruders out of their system regardless of what form they take.