Data Breaches 101: Don’t Become a Victim
Wednesday, June 20th, 2018
The recent breach of a large financial institution is a stark reminder that cybercrime is still very much on the rise – with more and more companies and individuals being hit. Here’s how to ensure your organisation doesn’t become a statistic by adopting a security and backup strategy.
Thanks to our modern reliance on mass quantities of data and internet-based storage and interaction, data breaches are becoming more and more common. And the more connected and dependent on data our companies and organisations become, the more vulnerable we are to hackers accessing our information.
A data breach occurs when cybercriminals successfully infiltrate a data source and extract sensitive, protected and confidential information. The primary intent of the breach is malicious: the hacker usually threatens to expose the information, use it unlawfully or prevent access to it if a ransom isn’t paid. The breach can be done physically by accessing a computer or network to steal local files, or by bypassing network security remotely.
South Africa reportedly has the third highest number of cybercrime victims worldwide, losing about R2.2 billion a year to cyberattacks. It has also fallen victim to more cyberattacks than any other African country. According to a Fortinet study, in 2016 alone, almost 9-million South Africans became victims of cybercrime, with up to 40% of ransomware victims paying up. Out of that, 33% of South African companies were impacted – with 15% experiencing an attack through their website.
“With malicious intent underlying these incidents, attacks are directed through multiple areas including the network perimeter, websites and email,” says Mayleen Bywater, Vox Senior Product Manager (Cloud Security Solutions).
Daniel Jacobs, Vox Senior Product Manager (Cloud Computing), adds, “SME clients are most at risk because if they get hit by a full data breach, they could lose their entire customer base and have no choice but to pay the ransom that can cripple their business.”
That’s why both Mayleen and Daniel insist that the only way to effectively respond to these threats is with a fully-integrated security and backup strategy.
Mayleen offers her top tips on how to put the correct measures in place to stop data breaches in their tracks, so you won’t have to react to them:
Statistics show that up to 90 percent of breaches come via email phishing, and proactively screening for these types of potential threats helps minimise risk.
Rather than relying on consumer equipment, businesses should turn to more robust firewall solutions that include advanced functionality like web and email filtering, data loss prevention, and management and reporting features.
Actively look for weaknesses in your network to close vulnerabilities before they are exploited by hackers. Apart from running a battery of tests including network and port scans (manually or automated through software), companies are turning to hiring ‘white hat’ hackers or even offering the public rewards for finding bugs.
A joint study by Google and the University of California that monitored stolen credentials shows that nearly two billion usernames and passwords exposed through breaches are available on the black market. Regularly changing passwords ensures that the integrity of your network and/or data is not compromised.
Depending on the size of your business, a security policy can range all the way from a single sheet to a comprehensive document that deals with anything from regulatory compliance to employee awareness. This policy needs to be regularly updated to keep up with business changes and newly emerging threats.
Employees are increasingly being targeted, with hackers using ever more sophisticated methods, including ‘whaling attacks’: a highly personalised form of phishing directed at senior management and aimed at getting them to part with confidential company information.
As much as companies can rely on technology to improve data and network security, training employees to be digitally vigilant is vital to ensure that endpoints do not turn into the weakest link in the cybersecurity chain. This is especially important as work concepts such as enterprise mobility and ‘Bring Your Own Device’ gain momentum.
Despite best efforts and effective security measures in place, data breaches can still happen. “The breach could be internal, someone could steal a database and allow a breach, or the individual or company’s email could have been compromised,” says Mayleen.
“That’s why you need a backup plan as protection of your data is two-fold,” adds Daniel. “Ensure your data is protected so that if something should happen, you are sufficiently armed with the right tools to take the correct and necessary precautions.”
Having an adequate cloud backup service will also ensure redundancy in case of data loss through equipment failure, accidental error, data corruption, natural disasters and so on.
“If your perimeter, mail, or endpoint are compromised or fail, your backup gives you that sense of assurance that you can restore your data and continue to work without having to pay a ransom or meet the hackers’ demands,” says Daniel.
Another perk of backup is that, because the data is encrypted, it is unlikely to be hacked. Also, best practice calls for data backups to be held offsite, and away from your main network. Turning to the cloud for backup and disaster recovery is the most viable option as it further guarantees your information’s safety.