What have we learned from the mountain of data breaches we’ve seen in 2016?
We’re still getting spear phished, and attacks are becoming more and more sophisticated.
In Wednesday’s web conference, we heard from four speakers on the importance of education and awareness from their differing fields.
Erich Kron, Security Awareness Advocate at KnowBe4, says, “Train everyone from the boardroom to the lunchroom; everyone who has a computer has to be trained.”
He explains that 91% of successful data breaches started with a spear phishing attack. Even worse, when someone is successfully phished, 54.91% of users clicked on the link in less than an hour of receiving it.
Taking the time to question suspicious material and/or run it by someone else can literally save your business.
This year we’ve also seen a shift in the type of data that cyber criminals are going after. It’s not enough just to have sensitive data; they want access to the source itself.
Aliki Liadis-Hall, Director of Compliance at North American Bancard, says that now, “bad guys are looking for the longer payout.”
She advocates for changing the culture of security by making sure that people are aware of the problem. Otherwise, breaches are just costing companies more money and it’s trickling down to the end user.
For security professionals who are frustrated by bosses who don’t understand the risk, she says, “finding a way to explain it from a monetary perspective may help you get the budget that you need.”
Shawn E. Tuma, Cybersecurity Attorney at Scheef & Stone, L.L.P., says, “Security and IT protect companies’ data; Legal protects companies from their data.” It’s not enough to have your data protected these days. You also need to be protected legally should something occur.
2016 saw an evolution of what legally constitutes a data breach. A lot of professionals aren't keeping track of what is a breach under the law, and what triggers having to tell customers. Not every incident is classified as an actual breach.
"You don't drown from falling in water, you drown because you don't know how to get out," Tuma explains. Having an incident response plan that’s easy to flip through should an attack occur is how you’re going to get out when the building is on fire.
Check out his incident response plan checklist to see how yours stacks up.
2016 may have been the year of the data breach, but that trend doesn’t have to continue. Proper (and regular!) training, having a plan in place, and knowing what the risks are will help in the fight against hackers once and for all.