In the world of social media, it is rare for content to be so good that an unusually large number of followers engage with it. But that’s exactly what happened when we posted a blog by Auth0 called “7 Statistics That Show Why Data Security Matters – Data security is a moving target. Understanding these statistics can help you get it right.”
Apparently the topic is one of interest to our followers, so we thought we would publish the best-of-the-best excerpts (which is nearly all of it) from the article and see what other publications had to say about this hot topic. Let’s jump right in…
Diego Poza, the contributor for the Auth0 article and a self-described System Engineer, geek, foodie, technology lover, and speaker, wrote, “All data breaches are expensive, both in terms of lost data and in the hit to an organization’s brand reputation.
Numbers are hard to argue with, so we compiled the following seven statistics that show the power of having good data security plans in place, in case your business is hit with a breach. Each entry includes the business impact and mitigation techniques you can employ to limit losses, should the worst happen.
1. Malicious attackers cause 52% of data breaches.
This tells us two things: that there are bad actors out there who want the data you collect from your customers and that the other 48% of breaches are caused by some other factor. In fact, an IBM/Ponemon study found that compromised credentials and cloud misconfiguration each account for 19% of all breaches. The takeaway here is that you must adopt a 360-degree perspective on your data. Take into account internal, external, malicious, and accidental vectors when developing your data security plans.
2. Hacking techniques are used in 45% of breaches.
In the 2020 edition of Verizon’s Data Breach Investigations Report (DBIR), they found that 45% of the breaches investigated involved an outside actor using methods loosely referred to in the report as hacking to gain entry. These malicious attacks can use methods ranging from automated credential stuffing to manual intrusion via a zero-day exploit, and more.
The lesson here is that businesses need robust security measures that can quickly signal when an intrusion is occurring, so mitigating steps can be taken. Employing a robust Customer Identity and Access Management (CIAM) solution that includes Bot Detection, brute force protection, and other defensive features is a top recommendation for mitigating these attacks.
3. Reported cybersecurity breaches are up 300% since the beginning of the COVID-19 pandemic.
The Internet Crime Complaint Center, or IC3, is the department within the FBI that handles incoming cybercrime reports. IC3 has seen its daily number of complaints jump 300% since the beginning of the pandemic in early 2020. The business takeaway is that cybercrime is here to stay, and it’s incumbent on you to lay out the processes and procedures that will enable you to keep your customers’ data safe from this growing rate of attacks.
4. Lost business revenue alone accounts for nearly half of the financial impact of a data breach at an avg. of $1.5 million.
This number doesn’t take into account the cost of the lost data, the cost of recovering downed systems, or the PR costs of damage control after a breach. Per the IBM/Ponemon study, this is just the average amount of revenue lost when customers lose trust in a brand and abandon it for a competitor in the aftermath of a data breach. Brand equity helps here, as does being transparent with your customers about the steps being taken.
5. Internal actors are involved in 30% of breaches.
Across all attack vectors, internal actors are involved in a third of data breaches. From mistakenly sending data to the wrong person, mishandling administrator credentials, misconfiguring cloud security settings, or being a willing participant in a malicious attack, both employees and contractors are included in this number.
Once again, Verizon’s DBIR highlights the need for solid training routines that cover everything from identifying possible phishing emails and proper credential hygiene, to how to spot malware. For business decision-makers, employees are a valuable asset in the fight against data crime. Train them and treat them right, and you can make effective inroads into mitigating such attacks.
6. One study found that with 15% of companies, more than a million files were accessible to every employee of the company.
In one recent study by cybersecurity company Varonis, nearly 1 in 5 responding companies found that every single employee had access to over a million files, including even the most sensitive personal information, no matter their permission level. We’ve talked about knowing what data you’re protecting before: Not only do you need to know what the data is, you need to know who has access to it. With a few exceptions, there aren’t many files that every single employee of a company needs access to. From a business standpoint, the fewer people have access to data, the safer that data is.
7. Cybersecurity incident response plans are missing in 3 out of 4 companies.
Should your organization be hit with a data breach, what would your first step be? If you can’t answer that question immediately or with a couple of clicks to locate a process document, you’re one of those three in four businesses cited by Cybint that are not ready for a breach.
Building up your data security posture now will help your business stay ahead of potential threats. And, making sure your customers know about the steps you’re taking, and why, will help maintain the level of trust you’ll need should your company become the target of a breach.”
Good stuff, right? Let’s see what some other experts had to say about why data security matters, and learn about some important safeguards that you should implement now.
In an article excerpted here, Imperva wrote, “Data security is the process of protecting corporate data and preventing data loss from unauthorized access. This includes protecting your data from attacks that can encrypt or destroy data, such as ransomware, as well as attacks that can modify or corrupt your data.
The survival of a modern business depends on data security, which can impact both the organization’s key assets and private data belonging to its customers.
In the past decade, social engineering, ransomware and advanced persistent threats (APTs) have been on the rise. These are threats that are difficult to defend against and can cause catastrophic damage to an organization’s data.
There is no simple solution to data security—just adding another security solution won’t solve the problem. IT and information security teams must actively and creatively consider their data protection challenges and cooperate to improve their security posture. It is also critical to evaluate the cost of current security measures, their contribution to data security, and the expected return on investment from additional investments.
Data Security Risks
Below are several common issues faced by organizations of all sizes as they attempt to secure sensitive data…
A large percentage of data breaches are not the result of a malicious attack but are caused by negligent or accidental exposure of sensitive data. It is common for an organization’s employees to share, grant access to, lose, or mishandle valuable data, either by accident or because they are not aware of security policies.
Phishing and Other Social Engineering Attacks
Social engineering attacks are a primary vector used by attackers to access sensitive data. They involve manipulating or tricking individuals into providing private information or access to privileged accounts.
Phishing is a common form of social engineering. It involves messages that appear to be from a trusted source, but in fact are sent by an attacker. When victims comply, for example by providing private information or clicking a malicious link, attackers can compromise their device or gain access to a corporate network.
Insider threats are employees who inadvertently or intentionally threaten the security of an organization’s data. There are three types of insider threats:
- Non-malicious insider—these are users that can cause harm accidentally, via negligence, or because they are unaware of security procedures.
- Malicious insider—these are users who actively attempt to steal data or cause harm to the organization for personal gain.
- Compromised insider—these are users who are not aware that their accounts or credentials were compromised by an external attacker. The attacker can then perform malicious activity, pretending to be a legitimate user.
Ransomware is a major threat to data in companies of all sizes. Ransomware is malware that infects corporate devices and encrypts data, making it useless without the decryption key. Attackers display a ransom message asking for payment to release the key, but in many cases, even paying the ransom is ineffective and the data is lost.
Many types of ransomware can spread rapidly, and infect large parts of a corporate network. If an organization does not maintain regular backups, or if the ransomware manages to infect the backup servers, there may be no way to recover.
Data Loss in the Cloud
Many organizations are moving data to the cloud to facilitate easier sharing and collaboration. However, when data moves to the cloud, it is more difficult to control and prevent data loss. Users access data from personal devices and over unsecured networks. It is all too easy to share a file with unauthorized parties, either accidentally or maliciously.
Common Data Security Solutions and Techniques
There are several technologies and practices that can improve data security. No one technique can solve the problem, but by combining several of the techniques below, organizations can significantly improve their security posture.
Data Discovery and Classification
Modern IT environments store data on servers, endpoints, and cloud systems. Visibility over data flows is an important first step in understanding what data is at risk of being stolen or misused. To properly protect your data, you need to know the type of data [you have], where it is, and what it is [being] used for. Data discovery and classification tools can help.
Data detection is the basis for knowing what data you have. Data classification allows you to create scalable security solutions, by identifying which data is sensitive and needs to be secured. Data detection and classification solutions enable tagging files on endpoints, file servers, and cloud storage systems, letting you visualize data across the enterprise, to apply the appropriate security policies.
Data masking lets you create a synthetic version of your organizational data, which you can use for software testing, training, and other purposes that don’t require the real data. The goal is to protect data while providing a functional alternative when needed.
Data masking retains the data type, but changes the values. Data can be modified in a number of ways, including encryption, character shuffling, and character or word substitution. Whichever method you choose, you must change the values in a way that cannot be reverse-engineered.
Identity Access Management
Identity and Access Management (IAM) is a business process, strategy, and technical framework that enables organizations to manage digital identities. IAM solutions allow IT administrators to control user access to sensitive information within an organization.
Systems used for IAM include single sign-on systems, two-factor authentication, multi-factor authentication, and privileged access management. These technologies enable the organization to securely store identity and profile data, and support governance, ensuring that the appropriate access policies are applied to each part of the infrastructure.
Data encryption is a method of converting data from a readable format (plaintext) to an unreadable encoded format (ciphertext). Only after decrypting the encrypted data using the decryption key can the data be read or processed.
In public-key cryptography techniques, there is no need to share the decryption key – the sender and recipient each have their own key, which are combined to perform the encryption operation. This is inherently more secure.
Data encryption can prevent hackers from accessing sensitive information. It is essential for most security strategies and is explicitly required by many compliance standards.
Data Loss Prevention (DLP)
To prevent data loss, organizations can use a number of safeguards, including backing up data to another location. Physical redundancy can help protect data from natural disasters, outages, or attacks on local servers. Redundancy can be performed within a local data center, or by replicating data to a remote site or cloud environment.
Beyond basic measures like backup, DLP software solutions can help protect organizational data. DLP software automatically analyzes content to identify sensitive data, enabling central control and enforcement of data protection policies, and alerting in real-time when it detects anomalous use of sensitive data, for example, large quantities of data copied outside the corporate network.
Governance, Risk, and Compliance (GRC)
GRC is a methodology that can help improve data security and compliance:
- Governance creates controls and policies enforced throughout an organization to ensure compliance and data protection.
- Risk involves assessing potential cybersecurity threats and ensuring the organization is prepared for them.
- Compliance ensures organizational practices are in line with regulatory and industry standards when processing, accessing, and using data.
One of the simplest best practices for data security is ensuring users have unique, strong [login credentials and] passwords. Without central management and enforcement, many users will use easily guessable passwords or use the same password for many different services. Password spraying and other brute force attacks can easily compromise accounts with weak passwords.
A simple measure is enforcing longer passwords and asking users to change passwords frequently. However, these measures are not enough, and organizations should consider multi-factor authentication (MFA) solutions that require users to identify themselves with a token or device they own, or via biometric means.
Another complementary solution is an enterprise password manager [like Keeper] that stores employee passwords in encrypted form, reducing the burden of remembering passwords for multiple corporate systems, and making it easier to use stronger passwords.
Authentication and Authorization
It is highly recommended to enforce multi-factor authentication when any user, whether internal or external, requests sensitive or personal data.
In addition, organizations must have a clear authorization framework in place, which ensures that each user has exactly the access rights they need to perform a function or consume a service, and no more. Periodic reviews and automated tools should be used to clean up permissions and remove authorization for users who no longer need them.
Data Security Audits
The organization should perform security audits at least every few months. This identifies gaps and vulnerabilities across the organization’s security posture. It is a good idea to perform the audit via a third-party expert, for example in a penetration testing model. However, it is also possible to perform a security audit in house. Most importantly, when the audit exposes security issues, the organization must devote time and resources to address and remediate them [immediately].
Anti-Malware, Antivirus, and Endpoint Protection
Malware is the most common vector of modern cyberattacks, so organizations must ensure that endpoints like employee workstations, mobile devices, servers, and cloud systems have appropriate protection. The basic measure is antivirus software, but this is no longer enough to address new threats like file-less attacks and unknown zero-day malware.
Endpoint protection platforms (EPP) take a more comprehensive approach to endpoint security. They combine antivirus with a machine-learning-based analysis of anomalous behavior on the device, which can help detect unknown attacks. Most platforms also provide endpoint detection and response (EDR) capabilities, which help security teams identify breaches on endpoints as they happen, investigate them, and respond by locking down and reimaging affected endpoints.”
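The data masking passage in the Imperva excerpt above says masked data must keep its type while the values change in a way that cannot be reverse-engineered. One way to do that, shown here as an added example that is not from Imperva or any of the quoted articles, is keyed character substitution with HMAC-SHA256; the key, field names and sample row are constructed for the illustration.

```python
import hashlib
import hmac
import string

# Constructed key for the demo (assumption); in practice load it from a
# secrets manager and never ship it alongside the masked data set.
MASKING_KEY = b"constructed-demo-key-not-for-production"


def _keystream(key: bytes, field: str, value: str, n: int) -> bytes:
    """Derive n pseudo-random bytes from HMAC-SHA256 over field and value."""
    out, counter = b"", 0
    while len(out) < n:
        msg = f"{field}\x00{value}\x00{counter}".encode()
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def mask_value(value: str, field: str, key: bytes = MASKING_KEY) -> str:
    """Substitute each character with another of the same class.

    Digits stay digits, letters keep their case, and separators are left
    untouched, so the masked value still fits the original column format.
    """
    stream = _keystream(key, field, value, len(value))
    masked = []
    for ch, k in zip(value, stream):
        if ch in string.digits:
            masked.append(string.digits[k % 10])
        elif ch in string.ascii_lowercase:
            masked.append(string.ascii_lowercase[k % 26])
        elif ch in string.ascii_uppercase:
            masked.append(string.ascii_uppercase[k % 26])
        else:
            masked.append(ch)  # '@', '-', '.', spaces: layout is preserved
    return "".join(masked)


def mask_record(record: dict, sensitive: set, key: bytes = MASKING_KEY) -> dict:
    """Return a copy of record with only the sensitive fields masked."""
    return {f: mask_value(v, f, key) if f in sensitive else v
            for f, v in record.items()}


# Constructed sample row, not real customer data.
SAMPLE = {"id": "1001", "name": "Alice Martin",
          "email": "alice.martin@example.com", "card": "4111-1111-1111-1111"}

if __name__ == "__main__":
    print(mask_record(SAMPLE, {"name", "email", "card"}))
```

Because the substitution is deterministic per field, equal inputs mask to equal outputs, which keeps joins working but also reveals which rows shared a value. Keep the key out of the test environment, since anyone holding it can confirm guesses for low-entropy fields.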
Excerpts from an article by UpGuard say, “Business leaders can no longer solely rely on out-of-the-box cybersecurity solutions like antivirus software and firewalls. Cybercriminals are getting smarter and their tactics are becoming more resilient to conventional cyber defences.
The proliferation of data breaches means that cybersecurity is not just relevant to heavily regulated industries, like healthcare. Many small businesses are at risk of suffering irrecoverable reputational damage following a data breach. Now, consumers expect increasingly sophisticated cybersecurity measures as time goes on.”
At Adaptive Office Solutions, cyber security is our specialty. When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business and lowering your costs through systems that are running at their prime, creating greater efficiency.