It seems as though every month we hear news of another notable organization falling victim to a security breach in which sensitive information and data are exposed. In fact, according to USA Today, 43% of companies experienced a data breach in the past year, up 10% from the previous year. The latest security breaches create a concerning trend, one that has organizations scared stiff. Many are re-evaluating their technology initiatives or scrutinizing their existing technology infrastructures as a result.
Data shows there were more than 1.5 million monitored attacks in the United States in 2013, according to the IBM Security Services 2014 Cyber Security Intelligence Index. These incidents are sometimes part of a complicated cybersecurity breach from large-scale, sophisticated sources. At other times, the massive damage is carried out in a simple, straightforward manner. A 2013 report from China on government data security breaches revealed that a tax bureau employee secretly copied resident information from the bureau’s internet onto a USB drive, and then sold it. Since such data can fetch a handsome sum on the black market, the propensity for these breaches is exponential.
And with the proliferation of work devices, multiple networks and technology in general, points of entry for hackers have skyrocketed, spreading the need for cyber security across a wide range of areas, from changing business models to Internet of Things (IoT) devices.
As shown in Figure 1, leading cyber security spending priorities for enterprises worldwide span five main areas from 2016 to 2017. Improved collaboration is the top spending priority for C-level executives and IT and security directors.
A related Forbes publication concurs that Chief Executive Officers (CEOs) have always had very broad responsibilities. However, with the ever-present threat of information security breaches, CEOs are becoming increasingly responsible for their organizations’ overall security. Failure to take responsibility could cost millions, and often also results in a never-ending public relations nightmare, not to mention an exodus of customers and clients.
That means organizations need to address IT security risks before these incidents occur. This includes identifying key threats, reviewing existing security vulnerabilities and challenges to the agency’s data, enforcing risk management processes and common control frameworks, executing incident management processes (when crises occur), and empowering experts to maintain regular communications about security-related issues.
Being informed about security risks is not enough, though. Organizations need to align their security intelligence plans with those they serve as well as with their employees. Integrating three-step security protocols, for example, can help prevent a password security breach, which is one of the most common methods used by hackers to gain access to a company’s internal system.
While defending company systems is crucial, the most innovative systems need to go a step beyond defense and apply predictive analytics that detect advanced persistent threats. Such integrated data analytics are capable of identifying previous breach patterns, and are then able to predict potential areas of attack.