Digital Trends has an article about a recent security breach that resulted in the loss of 58 million personal records.
As if that’s not bad enough, the article claims nearly 3,000 reported security breaches so far in 2016 of 2.2 billion records.
Those numbers are astronomical!
And what’s more, it specifically says, “publicly disclosed” attacks. Those numbers aren’t even counting the potentially thousands of breaches that aren’t publicly disclosed or aren’t even known.
This is scary stuff.
Security breaches are on the rise because hackers have become more and more sophisticated and our security measures aren’t keeping up.
The two main reasons our security isn’t keeping up is because:
- People and companies aren’t taking their information security serious enough
- Too much of information security still relies on individuals doing the right things
Unfortunately, both of those are tough to fix.
Many companies do not take information security serious enough until they’ve suffered a breach.
Good information security is not easy. It takes time, planning, knowledge, attention to detail, testing, and money. But most of all, it takes a commitment and that commitment part is often the hardest of all. When your network isn’t being hacked and hasn’t been hacked yet, it’s easy to think the need to put resources towards information security isn’t that great.
“It can wait” or “It’s good enough for now” or “It’s not my highest priority right now” are common thoughts. And that’s what happens, information security waits while other things take priority.
And it’s only once it’s too late and the network has been hacked, that management realizes they should have taken it more seriously.
The other part of the equation is users. The computer users are critical in defending against certain types of attacks. (Phishing attacks are an obvious example.)
If outsiders are emailing your staff and tricking them into clicking on things in their email that open up your network to the attackers they’re undoing all the other hard work that’s been done to secure the network.
All the money in the world can’t keep your network secure if the attack is in inside job by one of your employees. Even if that person didn’t mean to be an accomplice, their lack of security understanding or training in an Achilles heel for your network security.
Network security has to evolve or the attacks will be more and more devastating and more and more successful in the future.
Businesses and IT directors have to take information and network security more serious and realize that it’s not something you do once “secure the network” and then forget.
Staying secure takes vigilance and continued commitment, effort, and investment.
And don’t forget to train your staff while you’re at it.
– Weston Henry
Has your information ever been exposed as a result of a security breach somewhere else?
How sure are you that your network is secure and you’re taking appropriate actions to keep it secure in the future?