“Once more unto the breach, dear friends, once more!”, Shakespeare wrote in Henry V.
Unfortunately, when it comes to the modern “breach” – data breaches – companies can’t afford to simply “try again”. A single attack could mean they go the same way as the French armies in that famous play.
Nearly half of British businesses were faced with a cyber-attack or breach over the last year, according to new research. Clearly, organizations can’t afford to sweep cybersecurity issues under the carpet.
Data breaches can be catastrophic for businesses, both in terms of reputational damage and customer security. Our Cyber Investigators comic story, which focused on a sinister cyber-attack on a social media giant, showed the devastating impact hacks can have.
When a cyber-attack strikes, data lost can include names, addresses, bank account numbers and sort codes. These could be sold on to criminals on the dark web, which we explained in a separate article titled “What is the dark web?”
There’s been a long line of cyber-attacks recently. The mobile network TalkTalk suffered a massive cyber-attack last year, which affected around 157,000 customers and led to a record fine. The tech company, Yahoo, was also the victim of a huge hack, which could have exposed around one billion accounts. What these attacks show is we can’t afford to sweep cybersecurity under the carpet. It must be top of the agenda in the boardroom.
Fortunately, there are steps we can take to minimize the risks of an attack. First, organizations need to use encryption, codifying sensitive data so that even if hackers download it, they can’t decipher it. The keys to unlocking these codes also need to be protected; they need to be changed regularly, while access needs to be tightly controlled. Multi-layered authentication is also a crucial part of any successful cybersecurity strategy. Traditional username/passwords combinations simply aren’t good enough. Organizations need to look at providing employees with additional tokens and even biometric authentication (fingerprints, selfies, iris scanners). You can read more about our unique approach on our Secure the Breach website.
There’s also the delicate issue of when companies disclose a breach. Most attacks happen without anyone knowing, the criminals involved quickly making use of the data they’ve stolen. It’s only when they’re done with it, that they try to sell the data, for instance on the dark web. This is when most companies learn they have been the victim of a breach – and that’s when customers and authorities find out too.
Once the breach has happened, there is very little that can be done.
To conclude, when it comes to enterprise security, it can’t be a case of “we few, we happy few, we band of brothers”. Everyone needs to be taking the subject seriously.
You can find out more on our dedicated enterprise security webpage.