Our data is everywhere. Every time you make a purchase, book a flight, reserve a hotel room, get your oil changed – your personal and financial information is exchanged. Individual consumers can take steps to protect their information and monitor their credit and identity, but ultimately, consumers must provide their information in today’s world to get anything done. It’s a huge responsibility for business leaders to ensure that they protect their consumers’ data. Consumers depend on it.
Unfortunately, though, security breaches are more likely than we may expect. In many cases, they’re also quite a bit easier to achieve than we might imagine. The fact of the matter is this: without proper prevention strategies, it’s not if a security breach will happen at your organization; it’s when and to what extent.
Facing the Facts
There’s no “too big or too small.”
In fact, when it comes to what company size hackers look for, it’s more of a one-size-fits-all model. Why? Because every company has data. In fact, according to Verizon’s 2018 Data Breach Investigations Report, 58% of cyber attacks targeted small businesses. Small- and mid-sized businesses are targeted not for huge payouts, but because they are easier to penetrate.
A recent local example paints the picture perfectly. Ames, IA – home of Iowa State University – announced in late November that a data breach compromised their online parking ticket payment system. Up to 4,600 records, including names, email addresses, home addresses, and credit and debit card numbers, may have been compromised. Nothing like adding insult to injury, right?
Many “hackers” aren’t actually “hacking.”
The majority of attacks originate internally. In fact, the exact number is 75%, according to the Poneman Institute. Not all of these are malice; some are simply human error. But in some cases, malicious individuals only need a username and password that should have been deactivated to unleash millions of dollars of damage. A huge majority of security breaches come from within your own walls. That’s not a good feeling. The good news, though, is that these types of breaches are usually preventable. More on that later.
Detecting a security breach is challenging.
Because of this, it takes a long time. And the longer it takes, the longer hackers have access to your consumers’ information. In Poneman’s 2018 study, the average length of time to detect a security breach was an astonishing 197 days, followed by another 66 days on average to contain the breach. That’s 266 days – 9 months – that you should be concerned about. In the most recent newsworthy security breach at Marriott, unauthorized users had access to the company’s reservation system since 2014.
The costs are astronomical.
It’s no surprise that repairing the damage of a security breach is costly. What’s surprising, though, is just how much. According to Poneman Institute’s 2018 Cost of a Data Breach Study, the average cost of a security breach is a whopping $3.86 million. But it doesn’t stop there. 75% of consumers report that they’ll stop doing business with a company they don’t trust with their data. The average cost of lost business – even after a breach has been contained – is $4.2 million.
It Doesn’t Have to be You
In a world where security breaches are becoming more and more common, it doesn’t have to be your organization. These hackers are only one step ahead of their victims because their victims are one step (or sometimes several steps) behind.
Have an identity and access management solution.
This is the most basic step you can take. Yet many organizations have “mental notes” of which employees and contractors should have access to what, and they grant access on individual, manual bases. Having an automated solution helps you ensure a) you know which user groups can access which systems, and b) access is granted only to those user groups.
Keep your identity and access management solution up to date.
Implementing one isn’t enough. Organizations move quickly; users constantly change; new systems are integrated. Constant upkeep of your system is crucial, and having a third-party expert do a check-up on your solution is the easiest and best way to make sure you maintain a top-notch line of defense.
Invest in real-time identity intelligence.
Identity and access management solutions are absolutely necessary for every organization, and they can offer reporting and system queries. But the best, most advanced way to prevent a breach from happening is to implement real-time data to give you instantaneous insight into your systems. Know which accounts have multiple failed login attempts, which haven’t been accessed for days or weeks, who’s been doing a little more than they should in a given application, and other red flags. Identifying these triggers when they happen allows you to close down those internal accounts that could potentially become a part of the 75% statistic from above.
Let’s put an end to the bad guys being a step ahead. (Or should we say: put an end to the rest of us being one step behind?) There are systems that can be put in place to stop them. But do you have one, really?
Zirous has been implementing successful identity and access management solutions for nearly a decade. Our team of experts understand how to implement the technology – but more importantly – how to understand your business to create the best solution possible. From initial implementation to upkeep to real-time alert detection, it’s important to have a skilled partner to help you protect your consumers.