Recent high profile security breaches have served to emphasize the importance of effective data protection. The IRS data breach earlier this year has now been estimated to be 200% worse than first thought, exposing the personal details of over 330,000 taxpayers to a criminal network. Another breach at the health insurer Excellus may have compromised ten million customer account details. Both attacks put into context the importance of ensuring digital security mechanisms, especially as it costs a company over $150 per record lost to put right – and that’s before the cost to customer loyalty is considered.
Cyber attackers actually targeted Excellus in 2013, gaining access to client contact details and social security numbers, but the breach was only discovered last month. This is part of a growing trend targeting healthcare providers, with Anthem Insurance breached at the start of the year and the medical records of almost 90% of South Korea’s population compromised in the summer.
But it’s not just health industry companies in the firing line. U.S. government departments have also been targeted. Alongside the IRS breach, the Office of Personnel Management revealed in July that 21 million former and current government employees’ background check records were stolen. One upshot is that the U.S. Senate is now considering proposals to draft legislation forcing organizations like the IRS to upgrade their security mechanisms.
Businesses must recognize that whilst such colossal infiltration attempts are unlikely, cyber-attacks are bound to happen. Their success depends on the level of security preparation undertaken.
There are a number of important steps businesses can take to identify threats and nullify their impact. Here are our top three things to consider:
Identify data likely to be vulnerable to cyber-attacks and encrypt it. No matter the environment, whether it’s within physical networks, virtualised environments, the cloud or in motion, encryption obscures and protects vital information.
Integral to an effective security strategy is an efficient crypto management system. Keys should be kept in a separate space from the encrypted data and access must be strictly controlled. A sensible idea might be to rotate keys regularly.
Ensure you know who has access to your data and that those users are authentic. Access levels should be clearly defined and a system should be established for provision, management and reporting on user groups.
Data breaches are going to happen, and our Breach Level Index shows that every type of industry can be targeted. It’s important to prepare for them and work to protect sensitive information. To find out more about our approach to enterprise security, take a look at how we Secure the Breach.