Why do so many businesses feel unprepared for a data breach?
Business leaders need to face the facts: Data breaches and other cybercrimes will not disappear anytime soon. According to the recent Cybersecurity and Threat Preparedness Survey by Avertium, 39% of respondents shared that their company is underprepared to handle a data breach. On top of that, 66% admitted they’d prefer negotiating with a used car salesperson as opposed to dealing with a data breach.
Of course, such results are discordant, since failing to prepare for a data breach leads to a higher chance of having to deal with that very fallout.
2019 Has Taken the Top Spot for “The Worst Year of Data Breaches So Far”
Identify Force reinforces the claim that cybersecurity experts can only do so much to bolster security measures, and hackers will never give up their quest to infiltrate business systems. At a minimum, it’s clear that cybercriminals aren’t slowing down their efforts anytime soon.
Here are a few high-profile victims of data breaches in 2019:
- Fortnite, an online video game with 200,000 million users worldwide: In January 2019, a security firm detected a vulnerability wherein a threat actor could gain unauthorized access and take over a user’s account.
- Graeter’s Ice Cream, a Cincinnati-based ice cream giant: In January 2019, malicious code was found on the website’s checkout page, leaving customer credit card numbers more vulnerable to hackers.
- UW Medicine, the Medical Center of the University of Washington: The health network’s website server exposed more than one million patients to risk by leaving personal information, including names and medical record numbers, vulnerable.
Other types of businesses also have come head to head with hackers this year. These include social media giants, health care organizations, insurance companies, federal agencies, colleges and universities, drug and treatment centers, online retailers, streaming video providers, and financial organizations.
Why Do So Many Business Leaders Feel Unprepared for a Data Breach?
Businesses’ ill-preparedness for data breaches often stems from apathy, notes Inc. According to data provided by a Hiscox Readiness Report , this apathy is not unique to the U.S. The report revealed that the disregard for cybersecurity was shared in five separate nations — United States, United Kingdom, Germany, Spain and the Netherlands. In the same survey of 4,100 organizations, 7 out of 10 admitted that they did not feel prepared for a cyber attack.
Security Magazine touched on points that may highlight core issues for businesses lacking risk management preparedness when data breaches and ransomware attacks are rampant.
Here are the four key areas that may need improvement.
- C-Suite Engagement: Decision-makers at the executive level need to understand their security needs well enough to approve and finance large-scale security projects, like developing and implementing comprehensive cybersecurity strategies.
- Employee Training: An ongoing privacy and data protection awareness and training program are essential for all employees with any access to confidential or sensitive data.
- Security Strategies and Processes: A fully visible set of security processes — from password management to network security audits — is vital to IT security health. It’s also critical for everyone to understand its function, from top executives to employee system users. Continuous risk assessment is key.
- Response Plan: A data breach response plan empowers IT leaders and all employees, instilling the necessary confidence to respond appropriately to a data breach scenario. It is reported that 23% of professionals admitted they have not reviewed and updated their data breach response plan since it was put into place.
3 Tips to Help Business Leaders and IT Professionals Prepare and Defend Against Data Breaches
There is simply no denying that cybersecurity is crucial to any modern business. Here are three specific tips for avoiding situations that put customers and businesses at risk:
Include Employees in Any Data Protection Plan
Any employee could be targeted as part of a data breach via phishing email attacks and weak passwords. That’s why it’s important to provide company-wide training on all aspects of cybersecurity awareness. For instance, every employee’s first response to an email containing an unsolicited attachment should be to contact IT before opening the attachment.
Control Access to Data
The fewer people who have access to sensitive information, the simpler data security becomes. Role-based access has become a powerful tool in data security. This is because employees are often viewed as soft targets and the path of least resistance in the eyes of cybercriminals. Authorizing only a limited number of key staff members — such as IT security professionals and those in similar roles — instantly minimizes risk while maintaining information access for those who need it.
Encrypt Sensitive Data
One highly effective means of mitigating risk includes encrypting sensitive and personally identifiable information. In the event of a data breach or other security incident, encryption can save the day. Any data stolen by a hacker, if encrypted, will be scrambled and rendered meaningless.
Data Breaches Are a Reality of Modern Businesses, but Data Security Professionals Can Put Up Defenses
Whatever the reason that businesses are dragging their heels on cybersecurity efforts, there are plenty of ways to keep cyber attacks at bay without interrupting regular business activities.
Get the latest cybersecurity news and insights delivered straight to your inbox. Sign up for ISACA SmartBrief on Cybersecurity today, free.