Those who assumed that the introduction of new compliance regulations and the rising awareness of cybersecurity threats would cause data breaches to decline in 2019 were unfortunately mistaken. In the first quarter of 2019 alone, there were 281 reported data breaches with over 4.5 billion records exposed.
Cybercriminals are often much faster at adopting new technology for attacks than organizations are at adopting detection and preventative technology. New automation and machine learning technology is being implemented by cybercriminals to help them turn those exposed records into profitable fraud.
Why are organizations still struggling to keep up with the rate that attackers are evolving? Is there anything you can do to protect your systems against attackers who are able to adopt new technology so quickly? These are troubling questions for many.
As we get further into 2019, companies will continue to suffer data breaches unless they become more receptive to deploying technology designed to give them better visibility into their data. Steps need to be taken to secure and protect data from cybercriminals and from exposure through accidental misuse.
A Data Breach Will Cost You
The true cost of a data breach involves a variety of factors that many don’t consider, including regulatory fines for non-compliance, any potential lawsuits, compensation, deploying a cybersecurity solution after the fact and more. All of this costs money.
The global average cost of a data breach is estimated to be somewhere close to $3.9 million. That can be broken down to the average cost of a breached record to be $148. This is a drastic increase year on year and the value of data is looking to only increase.
The implications of a data breach are therefore very serious and should not be taken lightly. We should be looking at those companies who unfortunately have been too late to act and be taking lessons for our own security ecosystem.
Look for Better Technology
There is a lot of emerging technology on the market that makes use of artificial intelligence (AI) and machine learning to effectively detect and predict dangerous behavior. Some solutions, such as LepideAuditor, are able to use machine learning, for instance, to determine what kind of user behavior is “normal” and alert you when anything deviates from that norm.
This is invaluable. If attackers are learning how to leverage machine learning and AI technology to create more efficient attacks, then we must learn how to use the same technology to reduce the attack surface and combat the threat.
Data Security Must Be the Priority
Everything you do in your cybersecurity plan must be with the sole purpose of keeping the data secure. Data is cash, and its value is on the rise. You wouldn’t leave your wallet within arm’s reach of a criminal, so why do that with your data?
One thing we have to promote within our organizations is the value of data and the need to protect it. Many struggles with the concept or just don’t give enough thought as to why certain cybersecurity practices and policies are in place. Is a junior salesperson likely to rotate their password every few months? Or are they far more likely to use the password “password” and stick with it? If your cybersecurity policies and practices are without context, they are unlikely to be followed.
Another thing we believe every organization should have in place is a widely used and fully understood Data Security Platform. Technology that enables you to keep track of your sensitive data, the permissions applied to it and the user interaction with it. Visibility is the key here. Deploying any old DSP will not be enough. You must understand how to use it and where the value is.