The average cost of a data breach was $3.8 million in 2015.
This is a 23% rise in just two years, according to an IBM report, and comes to $154 per record. Healthcare pays a higher price, estimated at $363 per record, because the data in a medical record is more extensive than that associated with a credit card. The data breach cost reflects customer turnover, the cost of acquiring customers to replace those lost, and damage to brand reputation and goodwill.
Cyberthreats will continue to mount as hackers find ways to bypass existing security protocols.
They might be trying to steal your data or maliciously wipe it out. Either scenario can spell disaster for your company.
How secure is your business against the heightened level of hacks designed to breach your network?
1. Spear-phishing.
Hackers pretending to be a trusted source seek to infiltrate your network and either steal data or infect your network with malware. Spear-phishing is a targeted effort against a specific business or individual, and these hackers are highly skilled.
They are so convincing that 70% of their emails are opened, and then half of the recipients who open the email click through the links within an hour.[1]
They use seemingly innocent and genuine phrases, like “FedEx invoice” or “DHL delivery,” to entice click-through. You can’t prevent an attack, but you can use a security gateway and anti-virus scanner to detect it.
Safety Tip: The best protection, however, is training your employees to recognize the signs of a phishing attempt. Teach them to never download attachments without verifying the source. Advise them to copy and paste a URL provided in an email, rather than click through.
2. IoT cracks.
Gartner expects the number of units connected on the Internet of Things to reach 25 billion by 2020, not including 7.3 billion smartphones, tablets, and PCs. The IoT gives you remote access to your home’s devices: turning the heat and electricity off and on, checking surveillance cameras, and even starting up your washing machine. The IoT is also used for monitoring your health, like checking your heart rate. Learn more in our blog titled “IoT from A to Z.”
The increased IoT connections mean more data flowing through your network. Users access the information via a Web browser or app, which inherently introduces vulnerabilities. You need to ensure that you don’t have unsecured cracks here.
The Open Web Application Security Project (OWASP) identified such areas as security misconfiguration, broken authentication, lack of function-level access control, and cross-site request forgery. It’s difficult to prevent cyberattacks on the IoT, but you can step up your security by:
- using stronger encryption (see #4)
- implementing software updates in a timely manner
- purchasing devices that have stronger security standards
- using stronger passwords for the device and network
- disabling unused features
- and modifying the device’s security standards.
3. Unauthenticated alternatives.
The use of biometrics for authentication—like thumbprints, retinal scan, and facial or voice recognition—may seem new and exciting to consumers, but hackers immediately jumped on the technology and have devised ways to circumvent that authentication method.
Safety Tip: To more securely protect your data, you need to implement multi-factor authentication procedures.
4. Brute force decryption.
Encryption should protect your data. A brute force attack relentlessly tries possible keys until it finds the one that decrypts the data. The stronger your encryption, the longer it takes for a hacker to break through.
A Data Encryption Standard (DES) 56-bit key offered 70 quadrillion possible key combinations. While that sounds like a lot, a hacker could easily use a brute force attack to find the correct key in a short time. That standard was replaced by the Advanced Encryption Standard (AES), which uses 128-, 192-, and 256-bit keys. AES-256 is the gold standard of encryption. Even with a brute force attack, the time it would take to break the code is longer than even the projected lifespan of the planet.
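To put numbers on the key sizes above, the following added example (not part of the original article) computes each keyspace and the average time an exhaustive search would need. The rate of 10^12 keys per second is an assumption chosen for illustration; 2^56 is about 72 quadrillion, which is the article's "70 quadrillion" figure.

```python
"""Exhaustive key search estimates for the key sizes named in the text."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumption for illustration only: an attacker testing 10^12 keys per second.
ASSUMED_KEYS_PER_SECOND = 10**12

CIPHERS = {"DES-56": 56, "AES-128": 128, "AES-192": 192, "AES-256": 256}


def keyspace(bits):
    """Number of distinct keys for a key of the given length."""
    return 2**bits


def expected_search_seconds(bits, keys_per_second=ASSUMED_KEYS_PER_SECOND):
    """Average case: the key turns up after trying half of the keyspace."""
    return (keyspace(bits) // 2) / keys_per_second


def work_ratio(bits_a, bits_b):
    """How many times more work key length bits_a needs than bits_b."""
    return 2 ** (bits_a - bits_b)  # every extra key bit doubles the search


def humanize(seconds):
    """Render a duration in the largest unit that keeps it readable."""
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 3600:
        return f"{seconds / 60:.1f} minutes"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.2e} years"


def report(keys_per_second=ASSUMED_KEYS_PER_SECOND):
    """One (cipher, keyspace, expected search time) row per key size."""
    return [(name, keyspace(bits),
             humanize(expected_search_seconds(bits, keys_per_second)))
            for name, bits in CIPHERS.items()]


if __name__ == "__main__":
    for name, space, duration in report():
        print(f"{name:8} {space:.3e} keys  ~{duration} on average")
```

At the assumed rate DES falls in hours, while each AES key size remains far out of reach; raising the rate by a factor of a million only removes about 20 bits of margin.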
The best way to protect your business against a data breach is to remain vigilant in your proactive prevention. It’s not a one-off solution. In addition, educate all individuals who are using the network in the best security protocols so that they don’t open the door to a cyberthreat.
What are you doing in your business to protect yourself against a data breach? Please share your thoughts with us on Twitter @LTronCorp.
[1] The Best Defense Against Spear-Phishing Attacks, FireEye.com; https://www.fireeye.com/current-threats/best-defense-against-spear-phishing-attacks.html