[BreachExchange] What companies are doing to stop data breaches—not just react to them
Audrey McNeil
audrey at riskbasedsecurity.com
Tue Oct 31 19:46:07 EDT 2017
https://thenextweb.com/contributors/2017/10/31/companies-stop-data-breaches-
not-just-react/
Data breaches have affected our lives on multiple levels, from breaches of
social apps like Ashley Madison, to breaches of retail stores like Target,
to breaches of the companies we’ve historically trusted to keep our most
personal information safe, like Equifax. Each of these hacks, upon being
revealed, had a ripple effect on our economy and personal lives, hitting
the stock market and forcing us to pay closer attention to how our personal
information is being used, stored, and collected.
Data breaches are possible because of our modern reliance on mass
quantities of data and internet-based storage and interaction, which is why
the biggest data breaches of our time have all happened within the past
decade or so. As we become more connected and more reliant on data in our
daily lives, the companies and organizations we trust (as well as us,
personally) become more vulnerable to them.
Historically, companies have responded well to these breaches
appropriately. They’ve gone on record, apologizing for the incident and
providing customers with instructions on how to recover from their
information being stolen. They’ve even taken efforts to clean up their
security standards in the future. But while responding to a breach is a
necessary step, more companies are focusing on preventative measures—so
they don’t have to worry about a breach in the first place.
Why prevention is more important
Prevention is more important than response because if a data breach never
happens, a company is spared from the public outcry, the monetary damages
they’d otherwise suffer, and of course, any damages that individuals would
suffer as a result of the breach. Most companies that suffer a large-scale
breach end up paying hundreds of millions, or even billions of dollars to
repair all the damage, which means proactive investments would actually be
cheaper in the long run.
Up until now, companies haven’t focused on prevention quite the way they
should have; they’ve seen it as an insurance expense, rather than an
investment or a necessity. They’ve also been investing in the wrong areas,
or inappropriately valuing some areas over others.
How companies are including more preventative efforts
So how are modern companies working to include more preventative efforts?
- Better tech. There’s something to be said about the level of technology
most companies use—and are willing to accept. Firewalls and antivirus
software exist to protect companies from forced attempts to infiltrate
their systems, yet some companies are satisfied with just the minimum level
of protection. No tech-based security method is completely immune to
break-in attempts, but more sophisticated technology takes more time and
effort to hack, and is less of a target for motivated cybercriminals.
- Better staffing. More companies are valuing high-level positions in IT
and security, shelling out big bucks for top talent that can work
proactively to prevent breaches from occurring. Of course, top talent is
limited and somewhat hard to find, especially in niche industries like the
medical field; accordingly, many businesses are finding it difficult to
fulfill this need. Still, these positions are growing in demand and are
earning more respect and value in the workplace.
- Employee awareness. Not all hacks and breaches are the result of forced
entries. Instead, most hacks are attributable to simple and preventable
human errors; someone might choose a weak password and never change it, or
fall for a phishing scam that puts your entire company’s network at risk.
Raising employee awareness of how breaches unfold, and knowledge of best
practices is, therefore, one of the best ways to prevent breaches in the
future.
- Response plans. Though prevention is more important than response, it
still pays to have a breach response plan ready to go in the event that
your company is the victim of an attack. More companies are investing in
detailed response plans, giving them direction on how to stop the bleeding
upon discovery, how to alert the press and begin PR recovery, and how to
inform customers about next steps and individual protective measures.
Preventative efforts aren’t foolproof, as there’s no such thing as a
“unhackable” system. There will always be both technical and human points
of vulnerability, no matter how much you invest or how sophisticated your
systems are.
However, with more companies willing to invest in proactively protecting
themselves from the threat of a breach, we’ll likely see breaches become
less and less common as the years go on. If the major breaches that have
populated headlines for the past 10 years have done any good, it’s drawing
attention to the problem; major companies are now taking cyber threats
seriously, and are more willing to spend money, making sure the problem
doesn’t grow any worse.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171031/aeabe36d/attachment.html>
More information about the BreachExchange
mailing list