No matter the industry, whether in finance, a ransomware breach of a Canadian construction company, or farming in Australia, the threats posed by compromised data is the same. The recommended preventative steps likewise cut across all sectors. Backing up data, implementing safeguards against phishing attacks and ransomware, and educating employees on best practices remain universally beneficial in this fight.
Wherever the data, hackers will eventually turn their eye to it in hopes of profit. Statistics from BigCommerce reveal that that average cost of a breach last year was $150 million. This is why backing up data in the event it gets compromised or locked down is crucial. This is only part of the story, however. Ransomware continues to evolve in sophistication, as do the methods of its deployment and the strategies of its users. Ransomware was responsible for the previous year’s biggest reported breach, involving the data vendor Blackbaud. In recent years, some cyber criminals have also upped their hostage taking by threatening not only to withhold an organization’s data without the ransom payment, but to release it publicly. Besides backing up, then, this also necessitates a new effort at detection and prevention beforehand. Keeping the intruders out becomes just as vital as maintaining a strong incident response plan.
What further helps between both fronts is encryption. By encrypting the data, it ensures protection if the perimeter defenses are breached. With the proliferation of attack vectors, from computers to mobile devices all connected to networks, rendering data useless as a hostage for hackers.
Training people to be ever vigilant is another must. Phishing attacks are the most prominent example of how employees can stumble into a massive breach for their organization. Remote working and connected devices have multiplied the potential vulnerabilities; all it takes is a single error to risk everything. Clearly outlined policies, guidelines and permissions can provide some assistance here, and stymie attempts at social engineering of staff.