2015: Another Record Year of Data Breach, What Your SMB Needs To Know?

The year 2015 is expected to be a particularly tough one for small and medium size businesses (SMBs) as the escalating threat of cyber security crimes threatens to engulf the business landscape. SMBs are not only unaware of the risks; they lack the resources and expertise to mitigate them.

High-profile cases of cyber security theft of companies such as Apple and Sony last year stirred up a rigorous debate over the eruption in cyber crimes and the steps governments, thought leaders, and IT department managers alike can take to ensure that the integrity of companies in this regard, is protected.

A report published by Verizon titled “2015 Data Breach Investigations Report”, sheds light on the growing sophistication of data breaches in companies in 2014 and some of the issues that exacerbate the threat level.

Report details

The report from Verizon unveils the eye-opening reality of cybercrimes and how many of the poor cyber security standards have gone unnoticed for several years. This report reveals the following statistics from last year:

  • A total 79,790 security incidents have been recorded
  • A total of 2,122 data breaches were confirmed
  • Top targets of cyber attacks were in public and financial services companies
  • Phishing attacks are on the rise

The statistics reveal astonishing facts about the poor security infrastructure in companies that has allowed malicious software to run rampant within their systems, undetected. The rise of phishing highlights the fact that companies and the security industry alike have not been able to adjust their security codes and systems over the years.

Hackers have thus been able to exploit their negligence by being able to compromise the data integrity of companies in far less time. The report mentions how many of these poor security breaches have escaped the eyes of security experts for the last 8 years, almost a decade. This finding coincides with a report from SOPHOS titled ‘Security Threat Trends 2015’ which highlights how major flaws have not been addressed for the past 15 years.

It is for this reason decades-old phishing exploits constitute nearly one-fifth of all reported incidents. Furthermore, the weak security standards have also shown to prolong the time it takes to discover a security breach. In 60% of all cases, cyber criminals managed to hack into a company’s confidential data records within minutes.

Therefore, SMBs are left with major security challenges if they do not take active steps to curb these security threats.

What SMBs can do to counter data breaches?

As calamitous as the report findings might seem, there are various methods SMBs can implement to curb the threat level.

Staff awareness is crucial

One of the ways SMBs can address the rising threats of security breaches is through educating its staff on the imminent nature of threats and teaching preventative measures to quell any possibilities. E-mails have become an easy source for malicious software to infect data, despite improvements in data security.

The notorious incident involving US President Barack Obama’s emails, which were hacked and read by Russian hackers last year, shows the extent to which e-mails can be a gateway for security breaches.

Thus, it should be company policy for employees to get security training that would involve increasing their responsibility for identifying and avoid opening junk e-mails and to always scan for viruses before opening them. Other considerations such as regular page refreshing can also be cultivated in the workforce, along with rewarding successful employees with prizes to instill a reward mechanism in departments.

Upgrade anti-virus software

Contrary to what many would think, anti-virus software is still beneficial in tackling most online threats. Verizon’s report highlights that anti-virus programs are slow to update their malicious software tracking codes. This causes viruses such as malware to be updated far more quickly and escape the threat detection software in many anti-virus programs.

“We continue to see sizable gaps in how organizations defend themselves. While there is no guarantee against being breached, organizations can greatly manage their risk by becoming more vigilant in covering their bases. This continues to be a main theme, based on more than 10 years of data from our ‘Data Breach Investigations Report’ series.”

–Mike Denning, global security vice president, Verizon Enterprise Solutions

Firms thus need to invest in implementing better anti-virus programs as a way to counter the risk of security breaches.

Consult a network security consultant

SMBs can also resort to seeking expert advice from a network security consultant to learn more about the different ways their organization can protect themselves from security breaches.

“In 2014, DDoS attacks became much more sophisticated. Though much of the reporting focused on the size of attacks, a more troubling trend was the advancement in attack techniques”

–Barry Shteiman, Imperva

Upon expert advice, companies can help identify the hidden and unusual channels through which cyber criminals compromise data security and the protocols and IT systems they can employ to fortify their business operations.

Bottom line

2015 will prove to be another tough year as SMBs and large multinational corporations alike face the brunt of the growing cyber security risks. However, as multiple stakeholders begin to realize the nature of the impending risks, counter-strategies in the form of newer government legislation and security systems, can be expected to be better sources of protecting confidential data of firms.