Data breaches are occurring more frequently every year – with no signs of this trend decreasing. Data is a critical part of a business and may even be its greatest asset. Storing data is so inexpensive today that it allows us to keep more of it: customer information, private and confidential employee records, intellectual property, financial information, and more. However, the more data you have, the more risk you have of suffering a breach.
Taking measures to prevent a data breach is the top mandate for IT and security teams. In 2019, your company can’t afford to operate without a solid data protection strategy; it is a critical component of your business.
Having the right plans, tools and services in place to protect your data puts you in a less vulnerable position when dealing with a potential data breach. By being proactive, you can spend more time running your business and less time dealing with the repercussions of lost or compromised sensitive information.
A data breach occurs when there is a leak, compromise or theft of a company’s data or information relating to its business or its customers. A physical security breach is when a laptop, mobile device, USB stick, or other resource is lost or stolen. Either of these breaches, which lead to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access of personal data, can be classified as a data protection breach.
While data protection breaches can occur for a wide variety of reasons, we can break them down into a few major categories: human error, cyber-attacks, loss or theft of devices on which personal data is stored, insufficient access controls, disaster, and malicious activity.
Now that we’ve categorized what causes a data breach, it’s important to look at where these breaches come from. According to Gemalto’s Breach Level Index, 90% of data breaches were caused by two main sources: more than half of breaches came from a malicious outsider, and 34% were triggered by accidental device loss.
The other 10% was brought on by malicious insiders (7%), hacktivists (2%) and unknown (1%).
Analyzing the sources of most data breaches and one common element is almost always present: human error. Sure, most of our negligence is inadvertent and not malicious, but intention is not the issue here. Unwittingly causing security incidents through our actions has severe consequences.
A Baker Hostetler 2018 Data Security Incident Report found that phishing continued to be the top cause of data breaches in 2017, and “remained prevalent and successful, and employees and their vendors made common mistakes that placed sensitive information at risk.”
Phishing and other malware attacks may get all the attention (and deservedly so), but we can’t overlook the severity of misconfigured cloud storage servers, databases, network, backups and endpoints.
If human error is the #1 root cause for a breach, keeping your employees trained up and security aware should be your top priority.
Gemalto’s Breach Level Index also contains some fascinating data about breaches that you should keep in mind as you plan your company’s prevention strategy.
In the first half of 2018, 4,553,172,708 records were compromised. That’s over 25 million records per day, over one million per hour and 291 records per second. These are sobering statistics.
By industry, healthcare was the hardest hit — accounting for 27% of breach incidents. Finance, education, professional, government and retail were also affected, but not nearly as severe as healthcare.
By region, North America was the target of over half (59%) of the reported breaches, followed by Asia/Pacific at 36%.
It bears repeating: security awareness in your organization should be at the top of your list of ways to prevent security breaches. Along with security awareness, we’ve come up with four other strategies that can help you mitigate this critical risk.
Firstly, when it comes to security awareness, it’s crucial that everyone - from top management to the frontline - is up to speed with cybersecurity fundamentals. Check out our Cybersecurity 101 post for a good overview.
The right security mindset is paramount here. Because most hackers rely more on social engineering than advanced technical skills, knowing how to deal with questionable emails is important for everyone in the organization.
The companies with the best cybersecurity posture are often those that train employees on a consistent basis on password strategy, proper file and data storage use, and how to detect and avoid malware.
An educated workforce is your best defense.
As we’ve learned, most data breaches occur because of the actions of an employee. If your businesses does what it can to ensure that employees only have access to the data and resources required to do their jobs, you will be ahead of the game.
Restrictive data permissions — think of them like having a “need-to-know” policy — are vital for preventing data breaches.
The harsh reality about data breaches, human errors notwithstanding, is that even the biggest companies can be hacked. Some of those companies have large cybersecurity teams. For the average business, it’s never a bad strategy to enlist the help of a third party cybersecurity specialist or managed service provider.
CSF, or cybersecurity framework, will help you protect your security foundation with improved visibility and control over all of your endpoints. A proper CSF formalizes your security disciplines, and can scale your security operations.
A security specialist can be very helpful with this process, but if you need a good head start, NIST’s framework is a great resource.
In a nutshell, you’ll want a plan to: identity, protect, detect, respond and recover.
Risks can only be addressed if you know about them. To nail down visibility and control over your device population, there are 5 steps you’ll want to follow:
For more detail on these steps and to learn more about data breach prevention, check out our Back to Basics blog post here.
Protecting your organization against a data breach requires smart strategy, diligence, and teamwork. Yet even with all that planning, there’s no guarantee you’ll avoid a breach in the future.
For more information on how to secure your organization from potential threats, download our whitepaper: Top 10 Data Security Tips to Safeguard Your Business.