2019 has seen some of the most extensive cyber-attacks in the modern day attacking government institutions to global organizations. Uniqlo, a global fast retailing fashion brand lost over four hundred thousand customer information while the U.S customs and border protection faced a breach exposing a hundred thousand traveler records. The list is long and there are countless smaller breaches that take place daily and many times go undetected.
While businesses are waking up to take note of such attacks and taking precautions to secure their critical infrastructure, its vital to get rid of certain misconceptions businesses generally have. This blog discusses the same.
Misconception # 1 “I have a firewall, so I’m safe”
Enterprise Security today is far more complex today. While antivirus and firewall software help to control the traffic onto the private network, prevents unauthorized access on the same, and essentially are the barrier between trusted networks and networks outside the organization such as other businesses networks etc, it alone is not adequate to protect a network from any form of intrusion. This is because most attacks are delivered via email and the web, both of which are allowed through firewalls and firewalls do not control outbound data theft. But most importantly, firewalls aren’t built to identify, protect or eradicate the threat. Thus, every business must consider upgrading from a simple firewall system to a more comprehensive and advanced solution that responds to multiple vulnerabilities from virus, malware, identity theft, data breach etc.
Misconception # 2 “Is such a solution essential for my business? It’s so expensive!”
With cyber-attacks, large and small, increasing in frequency and intensity, it is critical for organizations, regardless of their size, to have a robust infrastructure and data security solution for protection. This is because the effects of a security breach on an organization are long-lasting and unfavorable for future growth. And sometimes, you may need to pay a hefty ransom to get back the data! A recent study by Deloitte Advisory claims that while directs costs of such a catastrophe are detrimental, the ‘hidden costs’ too impact the business which an organization experiences 2 years or more post the event. Between January and September 2019 there were over 7.9 billion data records exposed — a 33% increase from the same time in 2018! The year 2020 has witnessed power houses such as MGM resorts, Estee Lauder and Walgreens lose their data. Thus, with every year witnessing a higher number of breaches, it will be naïve for an organization to hope they are not attacked.
While 2016 saw an increase of 40% more data breaches than 2015, 2017 has witnessed major data breaches at global houses such as Dun and Bradstreet, Saks Fifth Avenue, Intercontinental Hotel Group amongst others.
Misconception # 3 “Why would my organization be attacked? My company is so small”
While small to medium sized businesses don’t possess assets such as the larger firms or transact as much, they surely are easier targets to penetrate. This is why IBM claims that 62% of cyber-attacks are aimed at them. A recent U.S. House Committee on small business cyber-security too show figures that nearly 20 percent of cyber-attacks that result in a data breach affect small businesses with less than 250 employees. What’s more concerning is that 60% of companies suffering the breach are believed to be out of business within a year as their ability to address the vulnerabilities and mitigate the risks are too low.
Misconception # 4 “If a data breach happened at my business, we would be able to restrict the damage/we will know when our systems are hacked.”
When it comes to security, businesses often wear the attitude of ‘we’ll cross the bridge when we come to it.’ However, reports suggest that an average time to detect an attack or security breach is 146 days globally. Hackers had gained complete access to the Citrix systems from October 2018 – March 2019 while the company was unaware of this incident. They only revealed of this intrusion in May 2019. Trump hotels, a famous hotel chain belonging to now US President Donald Trump reported a security breach in September 2015 – a year after the attack.
Another report, a Trustwave Report, claims that 81% of reported intrusions are notified not by internal security processes or systems but by external sources such as news reports, external fraud monitoring and others. These raise the question – how will the company re-act or restrict the damage when in all probability, it will be unaware of the attack?
In September 2016 approximately 500 million account details from Yahoo were stolen. And their systems were attacked again in February 2017.
Misconception # 5 “The application is password protected”
Many users are of the opinion that if their data is protected by a password, it is safe. Unfortunately that does not hold true. In September 2016 approximately 500 million account details from Yahoo were stolen. And their systems were attacked again in February 2017. While the number of users affected are unknown what’s interesting is that the hackers were able to infiltrate accounts without requiring the individual passwords. Thus, a password is most definitely not enough to protect your data from attacks. That breach cost Yahoo $117,500,000.
Misconception # 6 “Threats are only external”
It is a usually belief that all cyber attacks or threats on business data are external. You will be surprised to know how wrong this belief is. Most of the cyber attacks, nearly 75% of data breaches are a result of someone on the inside, says research. A disgruntled employee, an ex-employee with a grudge, or just an ignorant user on your network can grant access to your entire organization’s data resulting in a massive data breach. It’s always a good idea to train your employees and teach them about cyber threats.
IT security is a growing concern. Businesses need to be vigilant and have the right systems in place to minimize the impact of a data breach. If you are contemplating whether to deploy an enterprise network security solution for your organization, allow Embee to help you. We have successfully implemented industry preferred security solutions for media, healthcare, logistics, manufacturing industries. To know more, click here.