Every year we look back and say last year was the biggest year in cyber security breaches ever! And now this year looks to be no different. The media continues to report the fallout from breaches for months. They’re so prevalent that the names are all starting to run into each other: JP Morgan Chase, Anthem, Experian, Sony, The Office of Personnel Management (OPM), and Ashley Madison. Looking at all of these data breaches leads to one question: why do they keep happening?
The answer is more obvious than you think: no matter how big or small, pretty much every business is now connected to the Internet. And because of the “always on” nature of the connections, more and more companies are finding themselves becoming targets. You’d think that organizations that take cyber security seriously would be less susceptible to breaches. But the reality is that every organization falls into one of two buckets: either you’ve already been breached or it’s just a matter of time until you are. There’s no way you can state with a straight face that you will never be breached. In fact, the 2015 Verizon Breach Investigative Report shows that small-to-medium-sized businesses are as likely to be breached as a large company.
Another issue that adds to the complexity is that more and more businesses are implementing wireless networks for all of their staff’s wireless devices. Not only is every smartphone a potential target for attacks, but it can also become the “gateway” device for hackers to breach your network. You might think that since your individual machines don’t store any of your company information, you’re safe. Quite the contrary. Your users’ machines can be infected by hackers and repurposed into “zombies” that carry out attacks on their behalf. And with the Internet of Things (IoT) bringing everything from refrigerators to shredders online, the scope for zombie takeovers is sure to grow into a new widespread problem.
There are many ways for hackers to get into company networks, slipping through multilayered security systems, firewalls, and other safeguards to wreak havoc. This is why it’s critical for businesses to stay alert and know how to identify the weaknesses in their networks so that they can improve their online security systems.
The following are key human weaknesses that need to be addressed in order for you to protect your sensitive corporate and customer data:
Leaks Due To Employee And Company Insiders.
In this era of WikiLeaks and cyber espionage, governments and corporations are scrambling to stop their own personnel from handing data over to people who want to sell the data. Competitors are in the game of recruiting disgruntled employees. With something as small as a thumb drive, insiders can betray cybersecurity defense information to competitors who want an edge over their rivals.
Leaks Due To Third-Party Partners.
Target suffered a massive, costly, and damaging breach in 2013 because of an HVAC vendor’s carelessness. How are you protecting yourself from the third parties you’re so tightly integrated with? Is your network configured so that they can only access your system from a known (and pre-approved) IP address? Is your network configured to only allow them access during business hours?
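Both questions can also be checked after the fact against your remote-access logs. The following is an added example, not part of the original article: it audits constructed log lines for a hypothetical vendor account (`hvac-vendor`) against an assumed allow-list and an assumed Monday-to-Friday, 08:00 to 18:00 access window.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Assumed policy: hypothetical vendor account, documentation-range network,
# and business hours in the site's local time. Replace with your own values.
VENDOR_POLICY = {
    "hvac-vendor": {
        "networks": [ip_network("203.0.113.0/28")],  # pre-approved source range
        "days": range(0, 5),                         # Monday (0) .. Friday (4)
        "start": time(8, 0),
        "end": time(18, 0),
    },
}

# Constructed sample log, one login per line: "ISO-timestamp account source-ip"
SAMPLE_LOG = """\
2024-03-04T09:15:00 hvac-vendor 203.0.113.5
2024-03-04T23:40:00 hvac-vendor 203.0.113.5
2024-03-09T10:00:00 hvac-vendor 203.0.113.7
2024-03-05T11:30:00 hvac-vendor 198.51.100.20
2024-03-05T12:00:00 jsmith 10.0.0.15
this line is malformed
"""

def audit(log_text, policy=VENDOR_POLICY):
    """Return (line_no, account, reasons) for each vendor login that breaks policy."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        try:
            stamp, account, src = line.split()
            when, addr = datetime.fromisoformat(stamp), ip_address(src)
        except ValueError:
            # Never skip silently: an unreadable record may hide a login.
            findings.append((n, None, ["unparseable line"]))
            continue
        rule = policy.get(account)
        if rule is None:  # not a third-party account; out of scope for this check
            continue
        reasons = []
        if not any(addr in net for net in rule["networks"]):
            reasons.append("source IP not pre-approved")
        in_hours = rule["start"] <= when.time() < rule["end"]
        if when.weekday() not in rule["days"] or not in_hours:
            reasons.append("outside business hours")
        if reasons:
            findings.append((n, account, reasons))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

A finding here means the control is either missing or not being enforced; the preventive version of the same policy belongs in the firewall or VPN configuration itself.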
Repeated Phishing Attacks.
A good percentage of cybersecurity breaches come from the simplest phishing attacks. Sending scam emails tempting users to click on their links is one of the most common and effective ways to compromise networks and security systems. Professional phishers usually aim to acquire personal identifying information such as usernames and passwords and not just credit card numbers. Getting tricked by bogus links, attachments, or URLs also exposes other vulnerabilities of your network to hackers.
More often than not, it’s not that your network isn’t secure enough (although of course a secure network is the foundation for a solid approach to cyber security) but rather it’s about the human factor. It’s about your staff, what they know NOT to do, and their overall vigilance working within your environment.
Companies must up their game when it comes to security defenses. While hackers are historically better at staying ahead of most companies’ IT security policies and infrastructure, cyber security is an ongoing state of mind more than anything. It’s about reducing the likelihood that your organization will experience a security breach. And, again, once you’ve invested in locking down the technical components and have a strategic ongoing approach to managing your network security, it all comes down to the human factor. It’s all about you and your staff: your knowledge, understanding, and ongoing safe computing practices will make all the difference between being breached and not. So, it really is all about who you know.