Data breaches – what can we learn from them?

Facts from Verizon's 2013 Data Breach Report.

Author: Eija Paajanen
Date: 19.03.2015
Read Time: 2 Minutes

Even with a changing threat landscape with new mobile-based attacks, it is still as relevant as ever to protect email and servers.

Verizon’s 2013 Data Breach Investigation Report tells us that 2012 saw a very diverse set of data breaches that affected everyone from private consumers to big corporations. However, on the company side, small companies with one to 100 employees were the ones most targeted. And, over 90% of the data breaches were done by external parties, with three-quarters of the attacks driven by financial motives.

For small companies, this is tough to read, and might call for an evaluation of the security measures in the company’s IT environment. Most SMBs tend to lack the knowledge or resources to handle security efficiently though, according to an article in Dark Reading.

Infograph_data_breachOver 70% of the breaches involved end-user devices, and over 50% involved servers. Forty per cent of the attacks contained malware. Therefore, stopping malware attacks even before they enter the company network is essential.

Email still continues to be a popular channel for spreading malicious code, even if social channels are on the rise. Therefore, email security is still as relevant as ever. Average security solutions cannot fight the increasing number of exploits and malware attacks that continue to pop up on the scene. Persistent patching of holes for known vulnerabilities, combined with the most efficient protection measures, are a must in this environment. With the right tools, however, taking care of security does not have to be difficult or time consuming.

Data breaches are not likely to lessen in the future, and therefore, it is essential to understand the basic principles of how data breaches happen, what the consequences are and how to minimise the risk.

First of all, there are the accidental data breaches. The risk of those can be reduced – you just need to understand the risk, and take action.

  1. Educate your employees – make them aware of the risks related to the loss or theft of company devices. Another point here is to teach them about the devices, not purely security.
  2. Take care of encryption for the devices.
  3. Improve the relationship between IT and other personnel.

F-Secure Security Advisor, Sean Sullivan, looks into all of the topics above in an article by Jeff Goldman in eSecurity Planet ‘Learn from others’ mistakes’.

Hackers use several methods to breach an organisation, and the basic protection efforts for the network are simply not enough. Sullivan further studies the breaches by category in Goldman’s second article ‘More lessons learned’.

Additional tips from Sullivan include the following suggestion: be constantly aware of the threat of malware as it can hit companies where they least expect it. The threat of insider breach cannot be forgotten either – the consequences of leakage of confidential data can be severe.


Post Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s