If you didn’t get caught up in the WannaCry ransomware attack, you may be feeling a bit invincible right now. Well, we’re here to burst your bubble.
Data breaches truly are on the rise – be it from ransomware or other attacks, an employee making a mistake or a contractor mishandling corporate IP. The fact is, it doesn’t matter who caused the breach or where it originated: once sensitive information is viewed, or even potentially viewed, by an unauthorized individual, it’s considered a data breach and organizations must react appropriately.
As cybersecurity risks continue to grow, organizations face a daunting landscape of potential issues and must make the right decisions to protect their customers, employees and business.
Just as a friendly reminder, the average cost of a data breach – once you factor in fines, mitigation, settlements, etc. – is $4 million, an increase of 23% since 2013. With recent major settlements (like Target’s) and high-profile breaches (like WannaCry and the Chipotle breach), we may see that number climb even more in the near future.
Everyone talks about how attacks and the number of data breaches are increasing, but for organizations that keep finding themselves safe it can be easy to dismiss that trend. You shouldn’t. Data breaches reached an all-time high last year (1,093 recorded breaches in the US alone), an increase of 40% over 2015. The Identity Theft Resource Center (ITRC) has been tracking data breaches since 2005, and this year is on track to set yet another record. As of early June, ITRC has recorded 724 breaches – more than halfway to last year’s record total.
A recent report by Juniper Research estimates that criminal data breaches will cost organizations a total of $8 TRILLION over the next five years. This year, the report projects that breaches will affect 2.8 billion records (so far ITRC says that 10.8 million records have been affected). By 2020, Juniper Research expects the number of records exposed by data breaches to top 5 billion.
ITRC reports that business data breaches account for 55% of all reported incidents and healthcare tallies up 22% year to date. The other categories in the report are just as vulnerable and valuable (banking/finance, education and government/military), so these business and healthcare breaches are likely born of opportunity and take advantage of organizations that are struggling to keep up with cybersecurity risks.
Healthcare organizations still wrestle with how to protect personal health information, with cybersecurity budgets only accounting for a small portion of overall IT budgets, despite the known and growing risks. As the telemedicine trend continues to grow, healthcare organizations will have yet another aspect of service to consider and plan for – and a high-risk one at that.
For business breaches, Juniper Research points out that small and medium enterprises are at the highest risk, largely due to limited spending and difficulty updating older software.
“[SMEs spent] less than $4,000 on cybersecurity measures this year. Only marginal increases in security spend are expected over the next 5 years. These firms also tend to run older software, which WannaCry and other recent cyberattacks have exploited.”
Smaller organizations shouldn’t consider themselves immune from attack, especially as large, sophisticated businesses continue to struggle with the issue.
While the upfront costs to address cybersecurity may seem daunting (and in fact are a large reason many organizations gamble with their cybersecurity), the cost of not doing anything can be just as bad, if not worse. Don’t take the wait-and-see approach.
If drastically increasing the security budget isn’t in the cards, make a commitment to view any current and near-future initiatives with an eye toward how they will affect or improve cybersecurity. Making smart decisions with vendor and solution choices in other areas of business can often have a positive effect on security. For instance, many companies are opting to work with cloud vendors who bring a special security expertise to their solution area.
If your company is in the process of updating infrastructure and hardware, consider shifting that dedicated CAPEX to a manageable OPEX expense and implement virtual desktops that not only give you much more control over your data, but also offer a chance for easy backup and recovery options if you do fall victim to a ransomware attack. (Plus a DaaS provider can patch your systems for you, meaning you don’t have to worry about staying up to date with vulnerability fixes.)
Making smart security decisions shouldn’t be the sole domain of the IT department. All department heads should be concerned about how their role affects and potentially exposes data and keep security high on the priority list when vetting new software, solutions or contractors.
Cybersecurity threats aren’t likely to decrease any time soon. All companies can do is stop ignoring the issue and start making proactive decisions to address cybersecurity at every available opportunity.