If you think security breaches are something that happens to others and never to your enterprise, you need to think again. Security breaches are more common than you think! It could happen to your company as easily as it can happen to others!
First, let us define the terms "Data Breaches" and "Security Incidents":
- Data Breach is "an incident that resulted in confirmed disclosure (not just exposure) to an unauthorized party". It can sometimes be used interchangeably with "data compromise".
- Security Incident is "any event that compromises the confidentiality, integrity, or availability of an information asset".
The 2015 Data Breach Investigations Report study -- conducted by Verizon, in cooperation with 70 contributing organizations -- is a great source of information.
According to the report:
- Almost 80,000 security incidents took place in the year
- More than 2,100 confirmed data breaches happened in the year
- More than 60 countries were affected by data breaches during the year
- In 60% of cases, attackers were able to compromise an organization within minutes
- Estimated financial loss from 700 million compromised records is 400 million USD
- 23% of recipients opened phishing messages and 11% actually clicked on the attachments
The picture is very grim!
How does one identify security breaches and patterns? Verizon compares security breaches to fingerprints. There are well-defined patterns and these patterns are identifiable and classifiable. The lines and contours of the breaches can be studied and breaches can be stopped in their tracks with a little time and effort.
To begin with, enterprises need a comprehensive data protection solution. Enterprises must comply with one or more of the applicable federal regulations to avoid breaching security standards. The compliance tools must be flexible enough to change easily with the evolving security regulations and standards. The solution should have extensive logging features that can track and prevent hacking. The solution must include a network-scanning tool that will locate potential threats to sensitive data. This must be accompanied by a company-wide encryption and access policy.
Companies can also train their employees to be extra vigilant on data security. Lance Spitzner, Training Director for the SANS Securing The Human program, explained it best when he said, “one of the most effective ways you can minimize the Phishing threat is through effective awareness and training. Not only can you reduce the number of people that fall victim to (potentially) less than 5%, you create a network of human sensors that are more effective at detecting Phishing attacks than almost any technology.”
Many online backup services and cloud computing companies today provide security tools that support policy configuration. The configurations work unobtrusively in the background, requiring little or no input from the user. These service providers also don the mantle of business consultants and help you tailor your data security solutions to applicable federal regulations. This may be the right move for your organization.
Remember, it is more economical to pay out a few dollars for advice than to spend vast sums on fines, lost business, bad publicity and expensive cleanups.
EVS is a globally trusted cloud backup and data storage company based in Memphis, TN, which provides simple, automatic, secure, and encrypted data backup and storage. Talk with us about your needs and how we can create a solution that works for you!