The year 2016 is being called the Year of the Breach. A recent study by the Ponemon Institute shows that two-thirds of organizations affected by a cyber breach are unable to recover from the attack. Imagine these organizations – so many of them – ceasing to operate one by one as wanton and malicious cyber-attacks damage their critical infrastructure, reveal operational strategies or trade secrets to competitors, or even taint the public’s perception of an entire brand! Of course it’s hard to recover! And the statistics from the Ponemon Institute show a growing threat that can reach any industry, any demographic.
Why was 2016 The Year of the Breach? Some reasons:
- Shortage of security professionals
- A culture of weak business security acumen
- Lack of security awareness training
Ponemon also points out that 74% of organizations affected by a cyber security breach can trace the root cause back to “human error.” And what kinds of “human errors” result in such vulnerability? Users having excessive access. Misconfigurations in implemented technologies. Failure to consider the Insider Threat. And what is to be done? To successfully withstand a climate of increasingly complex and frequent data breaches, organizations need to renew their focus on Data Security.
Lessons to take forward into 2017
Higher Education, Security – Educational institutions need to increase the availability and quality of CIS/IT security-related degrees and programs. A generation of excited, aware, and talented security professionals will be essential to the long-term viability of businesses in the Information Age.
Change Passwords Regularly – It seems like such a simple problem to solve, and yet user passwords continue to be the leading vulnerability that attackers exploit. A disciplined policy of forced, regular password changes can do much to mitigate the threats of stolen credentials.
User training – Organizations need a security team that has the ability to create and conduct security training for end users. Information security should be laid out and explained such that end-users understand the impact of their individual actions on the business environment.
During 2016, hackers helped to expose weaknesses in internet protocols, passwords, and Internet of Things (IoT) devices. But going into 2017, security professionals should still pay attention to the basics: credentials, data, and how best to understand who has access to what.
Brad Bussie is an award-winning fifteen-year veteran of the information security industry. He holds an undergraduate degree in information systems security and an MBA in technology management. Brad possesses premier certifications from multiple vendors, including the CISSP from ISC2. He has a deep background architecting solutions for identity management, governance, recovery, migration, audit, and compliance. Brad has spoken at industry events around the globe and has helped commercial, federal, intelligence, and DoD customers solve complex security issues.