Are data breaches mundane now?
For we who cover the field of data security, its incidents and trends, it is interesting to reflect on how much certain things have changed in just a few years. I talked about this last time, but the constant inundation of data breach headlines has altered how people conceive of these stories. What once was breaking news, a rare phenomenon, might now barely qualify as a blip on the radar. Heck, when researching ideas for writing, I see plenty of news alerts on fairly sizable data breaches that, by this point, I quickly skip over as too mundane.
This can have a negative impact, of course, for consumers who start to tune out breaches that might affect them, or for business leaders who view something like encryption as an effort that requires the bare minimum. As Information Age explains, for example, without a comprehensive, overarching strategy that includes centralized key management, a company is not adequately prepared for the risks of the modern digital landscapes. Data exists everywhere, no longer just across a single network, but in cloud environments as well. Naturally, this also means data is easier than ever to lose, to become compromised either by accident or intentionally. Approaching this issue is obviously challenging, but organizations can be aided by centralizing encryption management and keeping their keys from being scattered throughout the enterprise.
This sort of adaptation to new cyber realities is necessary, because the same evolution is happening on the other side. Malware is always undergoing its own changes, and a new breed that has experts’ attention is known as ‘fileless’ malware. Whereas malware strains generally involve infected files, this new type is injected directly into a system’s RAM (random-access memory) or its registry. This allows fileless malware to cloak itself from traditional antivirus solutions while leveraging a company’s legitimate tools and applications.
Security Boulevard has a comprehensive rundown on fileless malware here, including possible ways of protecting against it. One figure of note, according to a recent Ponemon report, is that ‘fileless’ is almost 10 times likelier to succeed in attacks than traditional malware.
Persistent cyber risks like these preclude any sort of apathy induced by headline fatigue, in my opinion. Though not every story warrants extensive coverage these days, organizations still must continue to combat constant attempts to infiltrate their systems and steal their data.