Why do online
cyber threats happen? The answer seems straightforward enough: An organization’s
or individual’s computer security is compromised, enabling data breaches of employee
records and theft of intellectual property. Moreover, it’s becoming more a
question of an individual’s or IT department’s complacency on protection rather
than the ability to fend off attacks. Hackers are always looking for those
weaknesses in any system and complacency is certainly a weakness, a large
self-inflicted breach in a defense wall, to put it bluntly.
Today’s threat
environment is certainly daunting. Many online security experts have already
been predicting that as of 2013 there would be at least one major data breach
per month. And this outlook is somewhat conservative. In 2016 alone, there have
been 411 recorded data breaches, exposing more than 11 million records. While
not all incidents may qualify as “major,” they covered different sectors from
healthcare to government, and have even affected basic services as in the case
of the public transportation hacking in San Francisco recently.
Complacency
makes defense difficult
Often, the
problem begins with the defender or computer user. While it’s true that a
hacker can find new ways to penetrate even the toughest defenses, this is
extremely rare. Often, a hacker is handed the advantage by the user’s
complacency. For instance:
§ Less
than a third of computer, mobile, and tablet users install security software.
§ More
than 63 percent of those with installed security software don’t even run virus
checks.
§ 40
percent don’t even know what safety breaches are.
§ Many
mobile and tablet users use public Wi-Fi at malls for online banking.
§ More
than 50 percent of Internet users are more concerned with speedy service than
security.
Businesses
often feel they’re too big or too small to be in danger
Recent large
data breaches confirm that even huge businesses need risk mitigation, while an insider
threat can hit an organization of any size. In fact, more than half of security
incidents involved a worker, former employee, or contractor. With even small
businesses dependent on supply chains, the ingredients are there for a breach.
Not
investing in endpoint security
Too often,
businesses, big or small, just pay lip service to protecting customer data and
company reputation. However, more than one-fifth of businesses of any size
today lacked an enterprise resource management program, which could help with a
breach. Again, it goes back to the basic complacency of “we’re not going to be
targeted, anyway.”
Not
vetting suppliers and failing to assign proper responsibility
Businesses are too
heavily reliant on vendors and partners for credit card processing, supplies
and materials, infrastructure maintenance, and consulting. Amid the growth of
this ecosystem, leaders may assume that a breach caused by a contractor is not
on them, despite their likely need to provide credit monitoring after such an
event. This mindset can lead to the insufficient vetting of suppliers and the
creation of weaknesses throughout the supply chain.
0 comments:
Post a Comment