On any given day, any search for the term “data breach” will turn up a number of fresh articles revealing data breaches within the last day or so. The compromised institutions are located all over the globe, in both private and public sectors. Even governments are not immune.
From just today, here is a sample:
- State Department Reveals Employee Data Breach
- Perth Mint Customer Data Breach
- Vendor Blamed For BCBS Data Breach
…and it goes on.
What are the causes of these breaches? For the new ones, the causes are still under investigation. Historically, phishing and social engineering of employees are responsible for over half of all data breaches. Another leading cause is security lapses at a third party (vendor). External hackers and advanced persistent threats do occur, but at a lower rate than these two. Internal attacks from a malicious actor also happen, but again at a much lower rate.
What does this tell us? It implies that many data breaches could have been prevented if vulnerabilities had been identified and cybersecurity controls and practices then implemented to address them.
How can a business go about identifying vulnerabilities? How does it know which controls to apply? The answer is: with much thought, and with the participation of all stakeholders in the business.
No single method is always right for every business. Implementing the latest fad “control” or ad hoc canned “solutions” can be expensive and unnecessary, and even counter-productive. In a subsequent news post, we will examine some generic steps that any business's stakeholders can take internally to start analyzing their particular cybersecurity needs.
Shore Cybersecurity LLC helps our clients do this initial analysis and can then assist with subsequent updates. We can also suggest appropriate controls and how to manage them on an ongoing basis. If your business has needs in this area, contact us for a free initial consultation.