Data breaches dominate the news headlines. Whether it is the Home Depot, Target, Staples, Anthem or the Ashley Madison breach. Every day a new company is experiencing a data breach. Many businesses are asking when this will all end. Unfortunately, the end of data breaches don’t appear to be happening anytime soon.
What has changed?
Why are all of these breaches happening now? For one thing, the tools that hackers are using are more readily available. In addition, hacking for hire is a real business. Someone can rent the services of a hacker right on the Internet.
But even without hacking for hire, hacking and hacking tools have been around for as a long time. Could it be that the value of stolen information has increased which has made hacking a lucrative business? Could it also be that one set of stolen information could be used to steal even more valuable information? Stolen information can be used in spear phishing attempts that could steal the credentials to someone’s bank account or a company’s network.
What hasn’t changed?
Unfortunately even with the ever increasing amount of breaches, the security that many companies use to protect themselves has not dramatically changed. Companies, especially small to mid-size businesses (SMBs) are still using the same security defenses they used 15 years ago. Most SMBs utilize a network firewall, anti-virus software and security patch management. These tools have advanced in 15 years and are updated much more frequently but essentially they are the same tools and security that have been used in the past.
IBM’s 2014 Cyber Security Intelligence Index found that 95% of data breaches were caused by human error. Take a step back and think about that. If almost all data breaches were caused by human error then what is the network firewall, anti-virus and security patch management doing to protect valuable company assets?
Employee Security Training
Companies need to start taking a different approach to security. Companies absolutely need to implement advanced threat detection solutions and other solutions that will prevent and detect hackers and attacks. But maybe even more importantly, companies need to start training their employees on security best practices. Employees need to understand how to recognize a phishing email or phishing website. They need to start using more complex passwords and safeguarding these password better. They need to be made aware of other threats such as the danger of public Wi-Fi, phone scams, downloading and installing free software and the need to physically protect mobile devices.
The only way to protect against the cause of 95% of data breaches, is to start minimizing human errors. Training and awareness is one of the best ways to reduce human errors.
Breach Secure Now! Unlimited Clients Security Training
White labeled, All You Can Eat Security Training!
(Watch our video below)[tvideo type=”youtube” clip_id=”tRk7dmERTd8″ autoplay=”false” fs=”true” rel=”false” showinfo=”false”] [/framed_box]