Oops, you’ve been hacked

As it happens, the largest data breach in history occurred just last month.  Spam operator River City Media had an email leak of a whopping 1.37 billion addresses.  After that, 1.2 billion user credentials stolen by Russian hackers in 2014 are next on the list.

The pace of cybercrime on this massive scale is increasing; cybersecurity spending, while also rising, is not keeping up.  A recent study by Juniper Research shows the results.  Cybersecurity is costing companies more and more each year (30% increase annually), but increases in spending to combat the threat hover around 8%.  The study's ultimate conclusion is that the global cost of business data breaches by 2022 will total $8 trillion, which is almost half of the United States' current national deficit.

One of the problems they note is that it can be hard for a company to find a solution that is easy to integrate into the existing ecosystem.  Not only that, but often enough these solutions demand a high level of expertise and complex management.  When you also factor in overhead costs, it’s no wonder that organizations have trouble finding the right fit.

Juniper's primary emphasis and recommendation, as is increasingly the case, is machine learning capabilities, also known as artificial intelligence, especially for small-to-medium-size enterprises.  I've covered this emerging trend before.  Its main advantage is its ability, surpassing that of human maintenance, to monitor networks, establish normal baseline behaviors, and detect deviations from that baseline by users, whether they are authorized or not.  This is simply something an AI can do more efficiently than a human being.  With this technology on the rise, it looks to become a formidable preventative measure for any entity using it.

Let's not forget, though, that no matter how capable the outer fence is, it means absolutely nothing once the attacker has already broken through.  Far too many organizations, on that note, still fail to encrypt their customers' personal information.  As a result, those who get past perimeter defenses find their target waiting: clear, legible and valuable.  The essential advantage encryption provides is that it makes the data unreadable without the encryption key, thus foiling an intrusion.  One of the highest-profile demonstrations of this was the Sony hack of 2014, which involved the release of all that unsecured information.

There are, of course, additional measures organizations can and should take, such as staff training and response policy formulation.  Ultimately, however, consideration will have to be made regarding data security expenditures.  Against such a predicted rise in costs, can you afford not to devote more focus to this front?


By: Jonathan Weicher, posted on April 28, 2017
Originally published at:
Copyright: NetLib