What can we learn from the top 10 biggest data breaches?
You can’t blink these days without hearing about yet another data breach. While some may be suffering from “breach fatigue” and becoming jaded, we argue that it’s more important than ever to take cyber threats seriously.
The graphic below presents a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company. Click on the image for the full version.
Among the top 10 breaches is the well-publicized Target breach, the recent eBay hack and the record-holder for the biggest breach of all time, Adobe. While all of the breaches were rooted in targeted attacks, it’s the specific vulnerabilities that hackers were able to exploit to bypass each company’s security defenses that are notable. For example, two breaches capitalized on insider threats, while a third was linked to poor security. Yet another was the result of unauthorized access to system servers.
These vulnerabilities are common in businesses around the world, but with a holistic and proactive approach to security, organizations can defend against cyber attacks. Below are four important tips to reduce your businesses’ risk:
1. Identify cyber risks in the physical world. Security leaders and company executives must recognize that cyber security cannot be limited to point solutions and must take into account every potential point of ingress, no matter how mundane, across the entire organization in order to successfully thwart cyber attacks.
2. Shut down the insider threat. The insider threat is not always defined by malicious intent, but the impact of a single mistake or unnecessary network access can be catastrophic. Beyond employees, organizations must also consider vendors, suppliers, contractors, partners and every potential access point those third parties touch.
3. Enforce and reiterate policies and procedures. Policies without training are meaningless. Ensure that all employees and contractors understand your policies and conduct frequent training on proper procedures for handling, sharing and disposing of data, using mobile devices, traveling, and the many other potential areas of risk.
4. Don’t be a soft target. Too many companies don’t take preventive action until they’re already the victim of a cyber attack. Every company, regardless of size or industry, is at risk. Those that take proactive steps to ward off a cyber attack may or may not succeed, but they can deflect an attack by making their businesses harder targets.
When it comes to the cyber threat, one thing is certain: there is no such thing as a risk-free experience. No matter how much money is spent on security point solutions or how well fortified a company’s perimeter, if a hacker takes aim at your business, he won’t stop looking for a way in by any means necessary. Those businesses that recognize the seriousness of the cyber threat and are proactive in fortifying their defenses will stand a much greater chance of staying off the next top 10 list.