Enterprise Cybersecurity: Why companies should not underestimate security risks
Large corporations spend million-dollar budgets on information security systems and dedicated IT security teams. Still, most companies don’t pay sufficient attention to cybersecurity. Even if the threat of a breach can’t be eliminated completely, minimizing the risks should be taken absolutely seriously. In this blog post, we’ll discuss what our company often has to explain to clients about data security and mitigating the risk of being hacked.
Briefly, the current situation with enterprise cybersecurity is the following:
- The majority of companies use email for virtually everything, so if anyone gets access to the email server, all commercial, organizational, and personal data can end up on the Internet at once. E.g., Japan’s Pension Service was hacked in 2015, with an external email virus accessing JPS staff computers and stealing 1.25 million cases of personal data (names, ID numbers, birth dates, addresses, etc.).
- Many companies use at least some online services to interact with customers or partners: contact/information requests, order tracking, etc. As soon as a third-party service is hacked, tons of customer-related data, including personal data, can leak. The best recent example is the Experian server breach, in which 15 million T-Mobile US consumers had their personal data (names, driver license numbers, social security numbers, etc.) stolen. What’s even more shocking about this case is that the breach existed for at least 2 years, completely unnoticed by Experian’s security specialists.
Unfortunately, the bad news doesn’t end here. Too many people believe that hackers are exceptionally clever, highly technically competent guys, lurking in garage labs stacked with futuristic gadgets, quantum computers, and alien technologies. It is not really so. Not anymore. Malicious programs and scripts are widespread and available for download from the Internet. There are thousands of well-known vulnerabilities in commonly used software. Moreover, with powerful PCs and laptops being relatively cheap, anyone can be a hacker these days. As a result, hacking has become extremely low-hanging fruit. In fact, any teenager can get hacking tools from the Internet and hack your site, email, etc., merely to have fun or out of curiosity. You don’t need to be a “big fish” or have powerful enemies to become a hacker’s target these days.
Nevertheless, the higher your position is, the more you’re exposed to risk. For example, in 2015, the personal email of CIA Director John Brennan was hacked by a 13-year-old high-school teenager, who used social engineering tactics to access Brennan’s personal data. This story became a worldwide scandal, not only affecting the credibility of the US government structure but also showing how even kids can exploit vulnerabilities nowadays.
There is good news as well. Since many companies suffer from such threats, other companies have created tools and practices for protection against attacks. There’s no need to become a cybersecurity professional yourself or develop your own protection system, which might consume too much time and resources while still leaving your company vulnerable. It’s possible to get your data secured through a package of services from a third-party provider. We know what IT threats are out there and how to protect against them. We deal with these issues on a daily basis. Moreover, we’re happy to share this knowledge and to help our customers.
However, the fact remains: too many people are still too naïve and uneducated about cybersecurity and existing threats. Educating company employees about cybersecurity and building a corporate security culture are the first steps to be taken. While the ultimate goal is to make everyone realize that no one can go without protection these days, it’s not only about education; it’s a call to action. It is better to go through regular preliminary check-ups, the same way one takes vaccinations against illnesses: it’s much cheaper and less risky than fixing life-long problems afterward.
About the Author
Mike Sikalo, Infopulse EVP Germany, is a seasoned IT professional who has been working in the IT industry for over 20 years.