Data breaches are on the rise, they occur when a cybercriminal successfully infiltrates a data source and extracts sensitive information. Due to a tectonic shift in the way organizations use and provision their data applications, organizations are forcing changes in the way they have to think about securing them. Securing the data has become a nightmare for organizations in recent times, due to a shift in the threat landscape.
Cyber threats are constantly evolving; protecting yourself from hackers and data breaches require constant vigilance.
Cybercriminals are constantly testing new ways to circumvent systems, requiring new defenses and evolving tactics to protect the network. Recently, there was the infamous Equifax breach that affected more than 143 million Americans. Then there was the Marriott data breach that affected an estimated 500 million people in 2018 alone.
And those are just two of the biggest ones!
Breaches can have a wide-ranging and long-lasting cost to an organization. Individuals and large-scale organizations (industrial, health, financial organizations, etc.) can save themselves from the impact of data breaches by following strict security policies and compliances. The impact of data breaches might include revenue loss, reputation damage, government sanctions, and loss of intellectual property just to mention a few.
According to Fortified Health Security’s mid-year report, the healthcare sector suffered about 337 breaches in the first half of 2022 alone. More than 19 million records were compromised in healthcare data breaches in the first half of the year. In 2018, healthcare data breaches of over 500 records were being compromised at a rate of around 1 per day. Fast forward 4 years and we saw double the rate. In 2021, an average of 1.95 healthcare data breaches of 500 or more records were reported daily.
Data breaches cost financial intuitions an average of $5.97 million in 2021 and 2022, with healthcare being the only sector with a higher cost per breach, according to a report released by IBM Security. Cybersecurity in banking can be a challenge since many financial institutions have to tighten their budgets for IT spending. Therefore, reports of data breaches in the banking and finance sector are often recorded.
The Manufacturing industry is evolving, Industrial Internet of Things (IoT) is driving the need to bring artificial intelligence, cloud computing, and robotics into factories.
Manufacturing systems can now integrate all elements of production, including operational systems and information systems, taking the place of outdated siloed systems. The result is an increase in efficiency and productivity, but also introduces a greater risk of cyberattacks.
Cyber threats can come from any level in the organization. Humans are the weakest element in any security solution. Personnel are involved in every chain of security solutions ranging from planning, designing, implementation, and administration. Over the years, human errors or negligence have been reported at each stage of the security deployment, these create loopholes to numerous cyber-attacks on organizations.
Employees bringing their own devices is one of the most complicated security challenges as it exposes the organization to huge security risks. Maintaining a high level of security in an organization is challenging when mobile devices are in use. These days, employees use their personal devices for work-related data, exposing the organization to risks because the organization has less control over the security of the device and cannot predict who else has access to the devices apart from the employee.
Physical security is critical. Implementing physical security defenses will help secure the data. The most common attack is the theft of laptops, tablets, and smartphones because of their portability and mobile access. Approximately 74,000 employees, suppliers, and contractors were affected by a data breach in 2014 because of stolen laptops with unencrypted personal data.
Personnel are an organization’s first line of defense, so it is important to train employees in security awareness and build an enjoyable workplace to equip and motivate employees to protect the organization.
Poor management of privileged accounts is a major risk to an organization’s cybersecurity. Users who have/had privileged access to an organizations IT system carry out a high percentage of cyber-attacks. It is a major security loophole. Being able to manage users accessing the right resources at the right time can drastically reduce data breaches.
Most operating systems/software codes are vulnerable due to bugs existing on them. An attacker might have discovered these bugs deliberately or accidentally. These bugs might allow the attacker to gain access to critical information like passwords, usernames, private information, and encryption keys that servers contain in their memory. An example is the Heartbleed bug that exists on some specific routers, switches, firewalls, and other devices on the internet running software called OpenSSL.
Exposure to threats like malware, phishing, spyware, botnets, spam, etc. are major loopholes to organizations. An attacker might contact a target via social engineering means like email or download where the employee intentionally or unintentionally clicks on a suspicious link or visits an untrustworthy website. These attackers maliciously attack the system to get a hold of the core of the business or critical data and impede/hinder business continuity.
Insecure or poor network design/configuration could open the organizations to attacks like denial or service, brute force, botnet, backdoor, etc. Insecure network design could range from opening more ports than necessary, forgetting to update the network policies from time to time, failing to use authentication and encryption where necessary, not constantly installing updates, ignoring host security and policies, etc.
Lack of investment in Cybersecurity is one of the major challenges organizations are facing today. Research shows that many organizations have little incentive to invest in cybersecurity largely due to low levels of losses to data breaches. This is one of the reasons why strengthening the defense system of an organization is not adequately funded. Organizations should commit to bolstering their cybersecurity budget annually as there are business implications to security gaps. Lastly, it is important to see that organizations have support all the way up the leadership chain to make the necessary investments to safeguard themselves and their clients.
Mubarak Olayiwola Ahmed,
Lead Technical Consultant/Cybersecurity Expert,
Linkedln – https://www.linkedin.com/in/mubarak-ahmed-cciex2-23822-rs-sp-32325013/
Email – mublamouchi@gmail.com