There has been a wealth of research related to data breaches in the past few years, as analysts and experts work to get to the root causes of information exposure, identity theft and other crimes that have been significantly impacting the United States economy in the past few years. Some interesting findings have certainly been identified, such as the fact that employee errors, poor configuration and generally lackadaisical security strategies have been highly common sources of breach.
More intricate information is readily available as well, but one significant problem has not yet been fully understood or communicated, and that is the impact that the security culture has had on corporate information governance and consumer protection. Some of the most forward-thinking leaders in the IT security field, including Brian Krebs, have cited the fact that decision-makers have consistently pointed fingers at one another when a breach occurs, and this simply is not the right mentality to combat sophisticated attackers.
One can only assume that, if business leaders and consumers took responsibility for and ownership of their own data protection, the frequency and subsequent damages of breaches would likely begin to move on a rapid downward path. Think about some of the most common causes of security failures, such as employee error, a lack of organizational awareness, poor oversight frameworks and the like.
Then, begin to understand that these are all symptoms of the general mentality that most business leaders, public sector officials and consumers themselves have fallen into. Rather than just taking medicine to live with the symptoms, organizations should soon begin to understand just how important getting to the cultural root is when looking into the future of operational continuity and security.
Understanding the gravity of the threat
USA Today recently reported that a new study from the Ponemon Institute revealed some stark findings with respect to the widespread impact of data breach on businesses from around the globe. According to the news provider, researchers found that roughly 43 percent of all companies experienced some form of data breach in the past year, representing a 10 percent increase from a year ago.
Think about it this way - should that pace sustain for another year, roughly half of all businesses will experience a breach within the next year, and by 2016, that rate will be up to 75 percent. It might seem a little ridiculous to say that the number will eventually hit 100 percent, but considering the fact that crimes have been accelerating with no signs of slowing, business leaders should probably begin to understand that this is a very viable future.
The same ideas mentioned above were found to have lingering impacts on data breach prevalence, as USA Today noted that a separate survey found 3 percent of organizations are evaluating their security strategies on a quarterly basis, while the vast majority are not doing so at that frequency. As a note, security testing should take place even more regularly than a quarterly basis.
So, if a business owner thought he or she was well outside the path of hackers and other causes of data breach, he or she should think again.
Two of the biggest breaches in history were later discovered to have been highly avoidable, and the song remains the same when looking at a wealth of other events that have taken place on smaller scales. The Verge recently reported that Home Depot had overlooked several indications that a breach was about to occur, while action could have prevented the attack that is believed to have led to the exposure of 56 million credit card numbers.
Likewise, Target was found to have ignored the telltale signs that things were amiss, and this led to the exposure of 40 million credit cards. At the end of the day, consumers should be upset that they were put in harm's way because of negligence, rather than an unavoidable attack which the business did not have any ability to stop.
Still, organizations remain in the back seat when it comes to security provisioning and strategic improvements, allowing some no-named Jeeves to drive them along an increasingly dark path without ever asking questions, taking the wheel or waking up when a warning sign is on the horizon.
The most disheartening part of all this is that it is simply not necessary, as there are a wealth of options that can help companies to minimize the threat of breach while preparing to quickly handle the damages that occur thereafter. Organizations can often benefit from leveraging more advanced email encryption, secure cloud and data protection services offered by proven and reliable providers of the technology.
By becoming more proactive than competitors, business leaders will also be investing in a very worthy endeavor when putting resources into security and continuity.