Over time, you’d think that cybersecurity would be getting better and better. Before you know it, cybercrime would be a thing of the past. But the tragic reality is that the opposite is true. On a year-to-year basis, the reported incidents of data breaches in the United States increased by almost 30 percent from 2016 to 2017. Several factors account for this increase, including:
- The total volume of stored data has increased dramatically, and that data presents a very tempting target to cyber attackers.
- Technology solutions, such as firewalls, erect perimeter defenses around networks and lend to a sense of internal complacency, but do nothing to stop insiders from intentionally or negligently assisting with a data breach.
- Hackers are developing more intelligent and sophisticated data breach techniques, and are sharing those techniques in active marketplaces on the dark web.
These factors show no signs of abating. And by any measure or estimate, incidents of successful data breaches are likely to get much worse before any improvement is made. Moreover, organizations are under more pressure to report successful data breaches from regulators, shareholders, and customers. Even if the number of data breaches were to drop, the publicity surrounding them will grow. Affected companies, unfortunately, will face growing scrutiny over their data security practices.
Awareness of the problem is typically the first step toward resolving it. Large entities that have been the targets of successful data breaches are substantially increasing their cybersecurity defense budgets to attack the problem. Target and JP Morgan, for example, are devoting $100 million and $500 million respectively, to beef up their data breach defenses. The magnitude of these numbers reflects the reality that data breaches will, in fact, get worse. The takeaway is that organizations need to adopt measures to respond to the deterioration of the cybersecurity situation.
Facing Down the Threat
The data breach problem is not confined to large companies. More than 70 percent of all attempted hacking attacks target small and mid-size businesses (SMBs). But SMBs typically do not have the same assets or resources as large companies to devote to this problem. Nonetheless, SMBs can still take a proactive approach to the growing data breach environment.
First, an SMB should audit its network environment to determine what gaps can be exploited by a hacker to access the company’s data. That audit should cover every level, from management on down. It should also assess the organization’s full risk profile and to develop a list of steps required for the organization to reduce those risks.
Second, the SMB should determine what technology and other defenses will best fill the gaps uncovered by the audit and will serve its cybersecurity needs. Those defenses can include firewalls that are updated and maintained regularly, multi-factor authentication for logins to an SMB’s information systems networks, employee education and training to recognize phishing attacks, ransomware, and other forms of data breaches, and recovery strategies and plans that can get the SMB back in operation if a hacker does succeed in breaching the SMB’s defenses.
Next, the company should develop a recovery strategy that include cyber security insurance. Cyber security insurance is often the only thing that will keep an SMB’s operations up and running following a data breach. Some small businesses, sadly, crumble under the financial pressures. But investing just dollars a day on an insurance safety net can mitigate thousands of dollars in damages.
Finally, the company should establish an incident response plan. This will advise employees how to respond to a data breach and who is in charge of overseeing the process. It is wise to include a public relations strategy in this plan as well. After all, people want to know how you are handling a security incident and what they can do to protect themselves.
Follow these tips and you’ll be sure to get better, even as the data breach trends get worse. Best of luck!