According to the Identity Theft Resource Center (ITRC), the number of significant data breaches at businesses, government agencies, and other organizations in the U.S. alone hit a new high of 1,579 in 2017. That number is much higher for 2018 says the ITRC, even though final numbers are not yet available. Both years are up substantially from fewer than just 200 in 2005, the year the non-profit started tracking data breaches.
The increasing likelihood of a data breach is undeniable. Severe regulatory enforcement is a direct result of the frequency and impact of these breaches. Data regulators in the EU are now able to hand out fines upwards of €20 million thanks to GDPR. HIPAA fines have also grown significantly – for example, Anthem was ordered to pay a record $16 million in 2018 for a breach that exposed the information of 79 million individuals.
With the continual rise in data breaches and the zero-tolerance approach taken by regulators today, many security professionals are going back to the basics on data breach prevention. There are many interesting, cool new security tools to explore but all are for nothing if you don’t have your basics in place – covering off on people, process and technology.
According to a recent Ponemon report, 27 percent of data breaches are caused by negligent employees or contractors. Unfortunately, these negligent insiders are often the hardest to identify. They have no malicious intent — they’re simply trying to be productive and independent — which sometimes leads them to circumvent IT, download insecure apps, save data to their mobile devices and cloud drives, or misplace their laptops.
No one technology solution will protect an organization from careless or inadequately trained staff, so the last thing you should do is purchase the latest new tool and forget about it. Instead, educate, train, and test all employees at regular intervals about security awareness, warn all company stakeholders against the dangers of a data breach, and set clear expectations for behavior.
A cybersecurity framework (CSF) will help you protect your security foundation with improved visibility and control over all of your endpoints, formalize your security disciplines, and scale your security operations. The NIST CSF offers five functions you can follow to ensure data security:
Risks can only be addressed if you know about them. Follow these steps to gain visibility and control over your device population:
Protecting your organization against a data breach requires smart strategy, diligence, and teamwork. Even still, there is no guarantee you won’t be faced with unauthorized access. For more information on how to secure your organization from potential threats, download our whitepaper: Top 10 Data Security Tips to Safeguard Your Business.