IBM’s harrowing report released early this year, 5 Epic Fails in Data Security: Common Data Security Pitfalls and How to Avoid Them, looked at cybersecurity in business and the five most common fails associated with poor data security. Aside from being a complete mouthful, the report cast insight into the world of business and its sordid tech practices—most of which all lead to $3.62 million, or the average cost of recovering from a data breach.
Between January 1st, 2017 and June 30th, 2017, the number of records stolen as a result of business data breaches and crappy data security exceeded all of the records that had been stolen in 2016—including client information like names, phone numbers, bank records, ID information, and all sorts of things your clients would probably hate you for.
What’s worse? Almost all of the case studies in the report were preventable. Epic fails in data security are nothing more than avoidable missteps most organizations make on a consistent basis because they’re too lazy or cheap to invest in the type of tech that prevents cyber breaches. We’re going to look at the five worst epic fails in data security you better hope you’re not making, too.
1. Failure to Move Beyond Compliance
There’s nothing worse than complacency to kill productivity, growth, and, in this instance, security. Most businesses’ first epic data security failure starts with wanting to just be good enough—nothing less and nothing more. Newsflash: compliance doesn’t equal security, and if protecting your client information is something you value, you need to broaden your security resources beyond just meeting compliance standards.
Some of the largest data breaches happened in organizations that were fully compliant on paper, but offered piss-poor security in practice. Stopping at certifications is meeting a minimum standard that suggests poor data security and mediocrity, and could be the thing that jeopardizes your entire company. Don’t be that guy.
2. Failure to Recognize the Need for Centralized Data Security
Yeah, stagnation is another silent killer, and most businesses succumb to it. It’s great to move beyond compliance but for the love of God, don’t stop there. The fail here comes from companies who focus their cybersecurity efforts on sedentary lines of defense. In other words, most companies lack visibility into and control over their sensitive data as it moves around their IT environment. When data security plateaus, it protects 50% of an organization’s sensitive data sources—exposing a whopping 50% to vulnerabilities, hacks, and malware. The need for centralized data security comes from the need to adopt end-to-end data privacy, security, and protection controls that will cover a business and its data 360 degrees. The era of IoT, big data, and the Cloud are mainstays of business that are also open-ends for attack; learning how to navigate new IT waters is imperative to protecting your business.
3. Failure to Assign Responsibility for the Data Itself
Also known as the run-around. Everyone’s been there; when you try to actually find out who is responsible for all this data, you get redirected to about fifty different people in fifty different departments. If you don’t know who is responsible for your databases and sensitive information, you can never hold anyone accountable when things go wrong. It makes things like process documentation, mitigation, and implementation impossible. Data is a business’ most valuable asset, which is why it’s imperative to form a functioning IT department whose key roles are outlined so someone can always account for the data flowing in and out of your business.
4. Failure to Fix Known Vulnerabilities
According to Gartner, 99% of all exploits use known vulnerabilities. Malware and ransomware attacks usually leverage vulnerabilities at least six months old. Some of the most famous breaches have resulted from known flaws that went unpatched even after fixes were released. What I’m trying to say is this: most companies will know about cyber threats for months but won’t do diddly-squat to fix them. What gives, guys? Cyber criminals actively seek unpatched vulnerabilities because they know companies like to rest on their laurels here and twiddle their thumbs while hackers are breaking into their systems. Unless you actively like dishing out millions in data recovery—fix those vulnerabilities you know about. Anything less is asking for it.
5. Failure to Prioritize and Leverage Data Activity Monitoring
Monitoring data access and data use is kind of important to a well-thought out data security plan, and yet most companies see maximum failure here. Organizations need to know who, how, where, when, and why people access sensitive information and data in their company. Did you know? Privileged user ID’s are the most common culprits of insider threats, which is why a real data protection plan should include real-time monitoring of privileged users. Knowing, at all times, the information coming and going through your business’ life stream is integral to keeping it healthy and hack-free.
Data security doesn’t have to be hard—zbrella Technology specializes in consulting, cybersecurity and IT tech services to take your company from epic fail to epic win. If you’re interested in learning more about our team of genius technicians and how they can help you avoid the most common pitfalls of data security, call 800-750-4296 or email us at sales@zbrella.com.
Leave a Reply