If you’re in business, hackers have probably breached your organization’s computer network at some level. Company leaders might not be aware of the intrusion yet, but they will discover it eventually.
That’s a statistical reality of today’s high-risk cyber environment.
A report from the California-based cybersecurity company FireEye Inc. found that an average of 96 percent of systems across all industry segments have been breached. More than a quarter of the breaches involved advanced malware.
The findings of the FireEye report are among the statistical highlights quoted in a new report from ID Experts, titled “Breach Essentials: What, When and How to Defend Yourself.” ID Experts is an Oregon company that provides software and other services to help organizations manage cyber risks and data breaches.
“Effective resistance to data breaches is about more than building barriers,” according to the report. “It requires organizations to identify threats, defend against them and – perhaps most importantly – respond quickly and adeptly to them.”
Interestingly, ID Experts identifies dark data, or forgotten information, as a particularly serious and vulnerable security risk. Dark data can include everything from old reports to archived emails. In addition to devices such as personal computers, forgotten data might exist on equipment such as old printers and fax machines.
The fact that sensitive information has been forgotten does not excuse an organization from its duty to protect it.
The first step to protecting dark data is to acknowledge that it exists, says the ID Experts report. Then companies can take steps such as reviewing their data-retention practices and destroying or encrypting outdated and unneeded information.
The report concludes by quoting Forrester, a prominent research and advisory firm: “You can’t stop every cyberattack. However, your key stakeholders, clients, and other observers do expect you to take reasonable measures to prevent breaches in the first place, and when that fails, to respond quickly and appropriately.”
Forrester, incidentally, expects cybersecurity risks to increase. One of the reports the company currently is selling is titled, “Predictions 2017: Cybersecurity Risks Intensify.”
It’s probably also safe to predict that in the coming year, more organizations will be surprised to learn that they’ve already been attacked and that some of their data might have been exposed. For many companies, the real challenge will be to contain attacks and limit the spread of damage.
Advice from companies such as FireEye, ID Experts and Forrester generally is similar to what security experts at companies such as SDN Communications will tell you.
SDN is a Sioux Falls-based company that provides broadband connectivity and related cybersecurity services to businesses and organizations in the region. SDN advocates that businesses and organizations take a layered approach to security.
Good cybersecurity starts with the buy-in of an organization’s top leaders and spreads to the participation of every employee at every level. Good, ongoing training is critical to keeping cyber defenses strong.
SDN’s definition of taking a layered approach to security also involves taking steps to protect the interior workings as well as the edges of a network. Individual workstations – every one of them, mobile and stationary – also must be protected.
“Every level matters, whether it’s the PC or the network. Your security is as strong as the weakest link,” says Chad Pew, manager of IT at SDN.
Pew’s comment is included in a booklet from SDN, titled “Cybersecurity: A Layered Approach.” It outlines a general approach to help organizations implement an effectively layered cybersecurity strategy.