Cyber attacks today are getting more sophisticated and more dangerous for both businesses and consumers alike. Large enterprises all the way down to small businesses fall victim to major breaches that compromise large amounts of sensitive data. The reality is that it’s likely to suffer from a hack. A report by the Ponemon Institute estimates that the chances of experiencing a data breach are as high as 1 in 4. Even though the likelihood is high, we still have a lot of different tactics and resources we can use to prevent a breach from occurring. Past data breaches are especially strong resources we can use since we can see what went well, what didn’t go as well, what trends were followed and what can we do to prepare our company for the future.
One thing we can look at is the trends in industries. The healthcare industry, for example, is the most breached industry. This means that the healthcare field should take a deep look into their data, check routinely for suspicious activity, keep their software and hardware up-to-date and many other things to keep all of the information secure. This is an interesting challenge for this industry, though, since healthcare professionals sometimes need to access information very quickly to efficiently care for their patients.
The retail industry, on the other hand, is among the top five most breached industries. 73 percent of their compromised data is payment information (things like card numbers and bank account information). A couple contributing factors could be that POS terminals and controllers are among the top three most compromised assets in a breach. This should be a red flag to retailers to review their current security protocols for their POS systems and to routinely monitor the data stored there for any suspicious activity.
These are only a few things to learn by looking at trends and digging into the data. Take a look at the infographic below reviewing different hacker patterns and trends from Varonis to see what other industries are also most at-risk and many other hacking insights.
Now that we’ve learned about different trends hackers follow, it’s time to look at different ways to use that information to inform our cybersecurity programs. Take a look at these actionable tips below to see what things you can do to prepare your business for a future attack.
Limit permissions to appropriate personnel
We saw that 46 percent of healthcare breaches were a result of privilege misuse. This means that employees in these organizations have too much access to files that aren’t relevant to their job function. The easiest way to combat this is to review permissions for all files and assign those permissions only to those who need it. Another necessary task is consistent monitoring of these files to detect any suspicious activity right away.
Implement and routinely test preventative and reactive cybersecurity plans
Your company is at severe risk if it doesn’t have a preventative cybersecurity plan or a data breach response plan. Comprehensive plans on both ends of a breach save lots of time and money. Did you know that companies that took less than 30 days to contain a breach spent $1.16 million less compared to companies that took longer? A big factor in speeding up that response time is having a plan in place to ensure everyone knows their role to manage, mitigate and eradicate the breach.
Routine testing and drills are important as well to make sure everyone is on the same page and to confirm that the current plan still holds up to the evolving threats in the world. A plan is useless if people don’t know how to follow it or if it’s not effective in actually managing the breach.
Back up your data and engage in regular data classification
Ransomware is a type of malware that holds your data hostage until money is paid for its release. An attack like this can completely halt all business operations if the withheld data was not previously backed up. Ransomware was found in 39 percent of malware cases, so it’s likely it can happen to you. This is why it’s important to back data up in multiple places.
Employ strong password security and encryption
Although this is not as sophisticated, strong passwords and encryption are still important parts of a company’s cybersecurity plan. 22 percent of breaches were a result of stolen credentials and this could have been avoided if the passwords were harder to guess and had an added layer of protection with proper encryption.
Create a vulnerability disclosure policy (VDP)
A clear VDP is a great way to get help from white hat hackers who just want to help. A VDP gives hackers and reporters clear guidelines and channels to report any vulnerabilities they find. Having this policy is a great benefit to a company since there are a lot of hackers that do find these things like this, yet 1 in 4 don’t report them since companies lack clear channels to disclose their findings.
By Sarah Hospelhorn, Director of Product Marketing, Based in Brooklyn, NY. Sarah focuses on the strategy behind solving problems in data security. She’s been in tech for over 20 years, with experience in software, hardware, and cryptography.
If you would like to have your company featured in the Irish Tech News Business Showcase, get in contact with us at [email protected] or on Twitter: @SimonCocking
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.