It all begins with the obvious, which is an internal review. Any system vulnerabilities it identifies, which are SURE to be discovered by the constant attacks and pressure being applied by hackers, must be addressed immediately.
Next, confirm that all software is legal and ensure that all patches are up to date. The creation/revision/updating of formal security policy standards is an absolute must. After that, have an outside firm come in and perform a security/vulnerability assessment to identify additional opportunities for improvement.
Since so many breaches begin with human error/mistake/carelessness, the obvious next step is continuous education for employees. IT can “dummy-proof” many internal systems (by not allowing login/password credentials to be auto-saved, or requiring password resets every month, etc.) by setting more restrictive (and enforced) policies. IT staffers also need continuous education credits in this ever-changing field to remain informed of developing threats and tactics used by the hacker community.
Increasing password strength is likely the single most important step average-sized companies can take to protect themselves. The more characters required for a password the better, and numbers, symbols and both upper and lower case letters should be required. Asset management is another highly vulnerable, yet easy-to-solve, area for IT: develop an accurate inventory of all technology assets, account for each asset, and track the eventual decommissioning or destruction of end-of-life assets.
It is worth noting that companies can now purchase data breach insurance. Watch for this niche offering to have explosive growth in the years ahead.
Data Breach Fears for the Future
Businesses are producing, procuring and processing more data than ever in their push for better business analytics and improved profits. Companies that historically would not have had much data on their customers can now possess all there is to know about who shops with them. Data brokers are constantly collecting new data on each of us, and packaging and selling it to anyone who wants to buy it.
Big Data Available
There is so much data available that companies have to store it in the cloud and in data centers. It is so voluminous that processing it requires hundreds of servers running in parallel. Criminals are working tirelessly to figure out how to break through firewalls and identify security weaknesses in order to tap into the unlimited reservoir of data gold. Clearly, these trains are hurtling toward each other at the speed of light and something will have to give. The fear is that with so many break points, when the dam breaks it will be catastrophic; imagine the desirability and market worth of the data contained in the NSA’s network.
Most security insiders agree: “Your business is in 1 of 3 categories: You have either been breached and you know it, you have been breached but do not know it yet, or you are going to be breached, it is just a matter of when.” No matter how prepared you think you are, you need to think again. Any cost you bear proactively in order to avoid a breach pales in comparison to the cost of reactively cleaning up afterwards.
PAG will gladly introduce you to industry leaders if you want to have a security audit.