No one would argue that 2018 was a turbulent year for cybercrime and identity theft, impacting organizations of all shapes and sizes around the globe. From retailers to financial institutions, ecommerce to healthcare, no industry was left untouched.
Facebook experienced one of the largest breaches in 2018, impacting 2.2 billion users worldwide. More than 300 million Marriott guests were caught off guard when the press reported that hackers had access to the Starwood brand’s network for the past four years, exposing Personally Identifiable Information (PII) such as addresses, phone numbers, and passport numbers. Even the U.S. Postal Service was compromised, with 60 million Informed Delivery customers targeted by cybercriminals who intercepted packages and opened new credit cards in their name.
While we don’t know the total impact 2018’s data breaches have had upon consumers and businesses, we do know that there was exponential growth around security incidents compared to 2017. In fact, Gemalto’s Breach Level Index reports 3.3 billion records were exposed globally in the first half of 2018 – an increase of 72% compared to the same period in 2017. There’s no doubt that we’ll continue to outpace this volume and velocity. Imaginative cybercriminals are already having success retrieving personal and sensitive data through the notorious Dark Web, and new scams are happening every day.
Awareness, combined with technological advances, are key for combatting how organizations can empower themselves – and their employees – to protect sensitive personal and company data.
System vulnerabilities surround us
The Dark Web remains a favorite playground for criminals to exploit our personal information. This sensitive PII can be maliciously retrieved by cyberthieves in a myriad of ways, whether they’ve accessed your own systems or those of another business.
And, as breaches and security incidents are reported daily, we’re all becoming increasingly desensitized. However, it is exactly this behavior that makes us vulnerable to data thieves. By remaining vigilant, understanding where weakness may exist, and building precautions into your standard operating routines, you can significantly reduce the likelihood that your personal or enterprise data will be compromised by these cybercriminals.
According to the U.S. Department of Homeland Security, 90% of all security incidents target known software defects. Vulnerabilities such as software APIs, information storage clouds, and user credentials, create a multitude of endpoints that could potentially compromise your company’s data. Organizations must ensure that they’re encrypting data where possible, while also securing their networks and being vigilant around cloud storage security. Remember, cybercriminals know how to gain access and extract the most valuable information.
As a result, it’s critical for security leaders to investigate, alleviate, and remediate cyber risks, and vulnerabilities that could lead to a data breach. First, don’t burden your employees, who may be too busy or distracted with other projects, to install security updates. If you haven’t done so already, empower your security experts — your IT support team — to manage and maintain software updates for all your network users, giving you assurance that all computers are continually protected.
Second, you may want to consider Dark Web scanning and monitoring services for your employees. This type of 24/7 alerting enables comprehensive scans, across unindexed sites frequented by hackers and cybercriminals, to detect if any personal information appears. Insight into potentially compromised employee data can also help your security teams remediate additional entry through your firewalls.
Personal mobile devices compound the threat
Enterprises frequently take precautions to strengthen their networks against malicious attacks, but unfortunately, the weakest link may often be your employees. The widespread use of mobile devices, and the popularity of Bring Your Own Device (BYOD) policies, compounds this further. Today, more than 80% of employees use their personal devices for business purposes. And, according to a report by Syntonic, 87% of companies expect employees to use business mobile apps on their personal devices. As mobile usage continues to surge, having iron clad security should be a priority for all enterprise leaders.
Today’s BYOD environment has led to bigger challenges for IT and InfoSec teams to protect these mobile devices and prevent data leaks. IDG’s research reveals that 74% of global enterprise IT professionals have experienced a data breach due to a mobile security issue at their organization, most commonly as a result of apps with a security vulnerability. A 2018 Clutch report on cybersecurity policies states that 67% of workers access potentially confidential documents from their personal mobile devices. Therefore, it’s easy to understand why hackers are increasingly targeting mobile apps and devices as they are a key entry point to a wealth of personal and business data.
Encouraging IT leaders to look beyond the network firewall, will help to drive BYOD security policies that ensure your employees work and interact with data safely. It also greatly strengthens your ability to help prevent a malicious intrusion due to a mobile vulnerability.
Commit to preparedness
Today, the question really is no longer if, but rather when, a data breach will occur that impacts your personal, customer, or organizational data. Undoubtedly, cybercriminals will gain access, whether through a breach of your own systems or that of a third-party.
It is challenging to stay ahead of these malicious events. Rest assured, you can quickly mitigate or eliminate a security incident by focusing on current and potential threats, capitalizing on innovative technologies to help with proactive alerting, being aware of organizational vulnerabilities, and taking precautions to safeguard all data and network access points. Don’t let your company become an easy target for crafty cyberthieves. Take control now to protect all that you’ve built today for tomorrow.