Hacks, scams, and breaches are not stopping, which means your info could be stolen next
Not everyone likes horror movies or scary stories. But everyone should be freaked out about the lack of cyber security that is putting their personal information at risk.
Most companies aren’t prepared for data breaches, as more than half of U.S. companies have been hacked, according to solutions and consulting firm Munich Re. And many IT departments that are supposed to deal with these hacks don’t have the tools to combat them before (and after) they happen, according to IT workers in a recent SailPoint survey.
The Munich Re survey says that 53 percent of American businesses have had a cyber breach in the last year — now that’s scary. Those breaches have cost companies thousands of dollars to investigate each attack, replace the hardware and software that was attacked, and attempt to increase security so it doesn’t happen again. Almost 40 percent of companies that were hacked spent $50,000 in response to the breaches. Seven percent spent more than $250,000.
And what they’re paying for isn’t just a flaw in the system, it’s the huge impacts on their customers: 60 percent experienced data loss and 55 percent had business interruption, or when work had to stop in order to tend to the breach.
So what’s the biggest risk behind the attacks? Most business leaders say disgruntled employees (45 percent) and hackers (37 percent).
Speaking of disgruntled employees, IT workers say they have unintentionally become the party responsible for stopping and fixing cyber attacks, but oftentimes, they don’t have the resources to do so.
In the SailPoint survey, 54 percent of IT professionals say that non-IT departments bring the most risk for data breaches into the workplace.
“Using unsecure mobile devices and adopting unmonitored SaaS applications are two examples of such risky behavior,” the survey says. “While the majority of these risks are being created outside of IT’s view, it is still IT’s responsibility to mitigate the risks associated with them.”
Information technology professionals say one of the biggest solutions would be for companies to have better policies in place across the company for non-IT workers to follow.
“While organizations may create policies to govern access that help secure the enterprise, there is often a disconnect between what is defined as policy and what is actually enforced,” SailPoint says. “Enterprises need to better enforce corporate security policies company-wide.”
Because IT pros (and companies at large) don’t have solid policies in place, service provider Infoblox says companies aren’t prepared for cyber attacks.
“While we found that DNS security is one of IT and security professionals’ top three concerns, the vast majority of companies are ill-equipped to defend against DNS attacks,” says David Gehringer, principal at Dimensional Research, who worked with Infoblox on the cyber security study. “Unless today’s organizations begin moving to a proactive approach, DDoS attacks such as the one on DNS provider Dyn will become more pervasive.”
Infoblox says companies are more reactive rather than proactive: “Before an attack, 74 percent of companies focus on anti-virus monitoring as their top security focus; however, after an attack, DNS security moves to the number one position with 70 percent claiming it is the most important security focus.”
Meet the Author
Article last modified on November 1, 2017. Published by Debt.com, LLC . Mobile users may also access the AMP Version: ID Theft Should Spook You - AMP.