In the modern world of business, data is one of the most important resources for any organization trying to thrive. It also happens to be one of the most vulnerable and frequently attacked.
Business data is highly valuable to cybercriminals. They even go after metadata. Big data can reveal trade secrets, financial information, as well as passwords or access keys to crucial enterprise resources. Stolen data can be sold on the black market or used for extortion, as in the case of ransomware.
The instances of data breaches in the United States are rather interesting. Based on figures from Statista, the volume of data breaches increased from 2005 to 2008, then dropped in 2009 and rose again in 2010 until it dropped again in 2011. By 2012, there was a marginal increase, then the numbers rose steeply in 2014. After a marginal increase in 2015, another steep rise happened in 2016 through 2017 before the volume decreased in 2018 and rose in 2019, and dropped again in 2020.
These numbers show that the volume of data breaches may not be continuously increasing, but breaches never go away. There were even points in Statista’s data that showed a seeming disconnect between the volume of data breaches and the number of records exposed. In 2009, for example, data breaches dropped to 498 million (from 656 million in 2008) but the number of records exposed increased sharply to 222.5 million (from 35.7 million in 2008). Similarly, in 2018 the volume of breaches dropped to 1.257 billion (from 1.632 billion in 2017), but the records exposed dramatically increased to 471.23 million (from 197.6 million in 2017).
So, what should organizations be doing? How can they make sure that they do not suffer serious setbacks from data theft and other similar cyber attacks? How can businesses protect themselves from unpredictable and evolving attacks on data?
They can use AI and data-driven cybersecurity technology to address these risks. They may find it is incredibly effective, which is good news given the rising threat of cyberattacks.
Breach and attack simulation
One of the best solutions for data protection is advanced automated penetration testing. Even better is breach and attack simulation (BAS), an upgraded form of traditional penetration testing that Gartner predicts can send traditional pen testing to obsolescence.
Breach and attack simulation is a comprehensive cybersecurity solution that ensures continuous protection for all the digital assets of an organization. It is designed to thoroughly evaluate the integrity of security controls in preventing attacks. It mimics actual attacks to determine how the existing cyber defenses of an organization would react.
Even better, the BAS solutions offered by leading security firms incorporate the MITRE ATT&CK framework. This comprehensive knowledge resource of adversary tactics and techniques provides up-to-date information on the latest threats. It presents guidance on how adversaries attack, how to detect them, and what can be done to prevent, mitigate, or remediate their attacks.
Together with the MITRE ATT&CK framework, BAS is particularly effective in ascertaining the reliability of an organization’s Data Loss Prevention (DLP) controls. Most BAS solution providers have a data exfiltration vector that determines whether the data protection system is working the way it should.
Employee training
Citing statistics from the Accenture 9th Annual Cost of Cybercrime Study, Accenture Managing Director Robert Kress submits that “humans are still the weakest link when it comes to an organization’s cybersecurity defenses.” People remain prone to cyberattack penetration, especially with the advent of more sophisticated social engineering schemes.
According to the Accenture study, phishing and social engineering attacks increased by 16 percent while incidents of stolen devices rose by 13 percent. The study also reveals that 71 percent of people are vulnerable to hacking groups who employ spear phishing.
The people who use or oversee the cyber defenses put in place in an organization should not become the tools that weaken these defenses. Unfortunately, with the current setup in most organizations, employees rarely become part of the security function. They sometimes get seminars or orientations, but it seldom happens that companies emphasize their critical roles in preserving cybersecurity integrity.
Even with the best BAS solutions, cybercriminals can find ways to defeat defenses by exploiting the security naivete of employees or even members of the management team. To address this weakness, Kress suggests the establishment of a culture of accountability.
“To tackle insider threats and foster a culture of accountability, boards should ensure that CEOs rally human resources, talent development, legal, and information technology teams to work closely with the security office and business units,” Kress writes while suggesting the following solutions:
- Training and reinforcing safe behaviors, which may require new work arrangements
- Building cybersecurity champions or point persons who actively oversee cybersecurity practices
- Rewarding security-first behaviors to encourage more security mindfulness
- Maintaining strong cyber defenses including encryption, prudent rights management, and user and entity behavior analytics (UEBA)
- Assisting people in becoming prepared through occasional or random evaluations
Data backups and a dependable disaster recovery plan
Organizations need to accept the reality that data security threats will never go away. At the same time, it is advisable to have the mindset that no cybersecurity system or practice is foolproof.
With this mentality, it becomes a must to perform data backups religiously. It’s bad enough for an organization to suffer from data theft; it’s exponentially worse to lose critical data through ransomware or an indiscriminate data wipeout attack.
In addition to data backups, everyone is also advised to come up with detailed disaster recovery plans. The United States Government’s Ready.gov website even has a page dedicated to this.
“An information technology disaster recovery plan (IT DRP) should be developed in conjunction with the business continuity plan. Priorities and recovery time objectives for information technology should be developed during the business impact analysis,” the page indicates.
Conducting regular data backups is a smart move, but it is even better to have a comprehensive plan for ensuring that a data breach does not result in worst-case-scenario consequences. A disaster recovery plan minimizes business interruptions, limits the extent of the disruption and the damage that comes with it, reduces a data attack’s economic impact, and lays out courses of action to mitigate the effects of data theft or loss. It also prepares personnel to respond effectively to situations involving enterprise data compromises. Additionally, it presents clear guidelines on how to rapidly restore business operations.
Disaster recovery plans can be formulated internally by an organization’s in-house IT team. However, there is nothing wrong with relying on third-party data recovery solutions. These vendor-supplied disaster recovery plans allow companies that lack IT proficiency to have an effective recovery strategy that does not require technical know-how or complicated configurations and dashboards.
In summary
Data security risks are abundant, and they are very unlikely to be reduced to irrelevance, let alone become fully extinguished. To prevent or mitigate the impact of data theft or loss, organizations need to ensure that no vulnerabilities in the system can be exploited by hackers or cybercriminals. Additionally, organizations need to acknowledge how crucial their own people are in maintaining cybersecurity while ensuring that they have a reliable disaster recovery plan, which includes conducting routine data backups.