By the time you finish reading this, over 15,000 data records will have been lost or stolen around the world. Australia alone, suffered nearly 250 data breaches across April, May and June just this year. Of those nearly 250 breaches reported, over 75 percent were the result of compromised credentials. The Australia Government has passed the Mandatory Data Breach Notification legislation in February to prioritise protecting citizen’s private information, and put more pressure on organisations to actively secure data.
Globally, organisations are no longer able to sweep a breach under the carpet and face a tap on the wrist and told to fix their issues. Rather, costs of data breaches can include heavy fines, possible jail time in some countries, along with permanent reputational damage.
Governments do, however, understand that cyber-attacks are inevitable, no matter how many defensive measures are put in place. That’s why the emphasis is placed on organisations to show they have taken as many steps as possible to avoid or mitigate an attack. Getting the basics right, and being more informed about available technology can help organisations last longer against cyber-criminals.
Get the basics right
There are basic steps organisations can do to mitigate the chances of a breach taking place. CEOs must first understand the ins and outs of how their business works, manage the day-to-day processes and be able to identify any risks to the organisation. Any issues that are identified should be quickly eliminated.
Every employee should be educated on security procedures because inevitably they will be the ones targeted during a sophisticated cyber-attack. Attackers usually look for an easy access point, such as gaining employee login details or sending nefarious links to employees in email fraud and phishing scams. By educating staff on what they should be looking out for, organisations can limit their exposure to cyber-attacks caused by employee accidents.
Lock makers who make door locks never guarantee their clients will never be robbed. They can offer comforts by indicating how long it takes to pick a lock without a key. By the time a 5-minute lock is broken, someone might have noticed and called the police. Organisations must take the same approach with cybersecurity, making it as difficult as possible for a hacker to get in so by the time they are about to break the lock, the security system will know it is at risk.
Use technology to make entry as difficult as possible
Technology has become a vital tool to help prevent breaches. Two-factor authentication and privilege access management are simple technological tools that every organisation should consider. By requiring multiple forms of identification from workers to access networks, such as a password and a key card or randomly generated code, attackers who acquire a login password are still unable to access a network.
Likewise, with privileged access management, organisations can determine which parts of a network employees can access. This ensures casual workers or contract employees cannot access private information without seeking approval from someone in charge. By putting as many barriers as possible between a threat and a network, organisations can reduce the risk of being affected by a cyber-attack.
Use analytics to identify potential threats
Artificial Intelligence (A.I.), big data and machine learning can play an important role in identifying inconsistencies in a network or system. User Behaviour Analytics (UBA) demonstrates the remarkable advantages A.I. has made to cybersecurity. UBA is the tracking, collecting and assessing of user data and activities using monitoring systems.
By analysing historical data logs, UBA systems identify patterns of user behaviour. Tracking a user’s permissions, activity, geographical location, and even their typing profile. Applying analytics like UBA can identify when a user does something they don’t normally do, and sound alarm bells. While UBA systems don’t report all inconsistencies as a threat, they can evaluate the behaviour’s potential impact and allow security teams to prioritise potential threats.
With Power, Comes Responsibility
The heightened focus on protection of private data has placed an unprecedented level of responsibility on organisations to reduce the risks of a cyber-attack. By getting the basics right, and re-enforcing with technology solutions like two-factor authentication, privileged access management and user behaviour analysis, organisations will be in a better position to tackle cyber threats head-on, reducing financial and reputational costs.