How New Technologies Aim to Prevent Data Breaches
Imagine that you own a small healthcare business and receive an email late at night from a hacker demanding a ransom. You rush into the office and discover that every computer on your network has been encrypted — and you haven't backed things up in months. If you're like most small businesses, the ransomware attack could be enough to put you out of business.
The average total cost of a data breach is nearly $4 million, according to IBM's 2019 Cost of a Data Breach Report, with an average of 25,575 records compromised. In addition to the devastating financial loss, data breaches can affect an organization's reputation for years and trigger regulatory fines, remediation penalties and lost business.
Let's take a look at how new technologies are helping to prevent data breaches and how you can deploy them in your organization to level up your security.
The average cost of a data breach is nearly $4 million with an average of 25,575 records lost — are you prepared for the most common attacks?
What Causes Data Breaches?
There are countless potential causes for a data breach, ranging from a malicious employee to a state-sponsored attack, but there are some common threads. By looking at the most common causes of a data breach, you can come up with a plan to protect against the most likely attacks.
Verizon's 2018 Data Breach Investigations Report looks at real-world data breaches and security incidents to identify the most common causes of data breaches each year. The report provides small businesses with a starting point for implementing security measures.
The report identified six common data breach causes in 2018:
- Criminal hacking - 48%
- Malware - 30%
- Human error - 17%
- Social engineering - 17%
- Privilege misuse - 12%
- Physical actions - 11%
In the case of criminal hacking, Verizon notes that most cases involved stolen credentials purchased on forums or through data brokers rather than SQL injection or other code-related hacking attacks. Distributed denial of service (DDoS) attacks were the most common type of “criminal hacking” attack vector given its widespread prevalence.
It's worth noting that roughly half of all attacks were carried out by organized criminal groups and a third involved internal actors. In terms of targets, one-quarter of attacks targeted healthcare organizations and 58% of victims were small businesses that can ill-afford the costs of a data breach. More than 10% of attacks were carried out by state-affiliated actors.
Many preventable cybersecurity attacks arise from outdated software or firmware. For example, small businesses that don't regularly update their routers' firmware could be vulnerable to attacks, whereby hackers scan network devices for known vulnerabilities that haven't been patched. These vulnerabilities are often the entry point for a larger attack.
Download our data breach audit worksheet to learn if your business is safe from common attacks.
Cloud-based software is always up-to-date since the application is hosted on a remote cloud server. For example, Microsoft Office 365 and Google G-Suite enable companies to move their entire email and network infrastructure into the cloud and worry less about keeping physical servers up-to-date with the latest patches and updates.
Jungle Disk applies these same principles to cybersecurity. For example, our Active Network Protection product provides real-time protection with instant over-the-air updates. You don't have to worry about updating networking equipment firmware or keeping anti-malware software up-to-date with the definitions and signatures.
Our Active Network Protection mitigates criminal hacking by keeping networking equipment up-to-date, as well as protecting against malware and phishing (social engineering) threats by keeping definitions and signatures up-to-date.
There's no doubt that password security is abysmal both inside and outside of the workplace. In a recent survey, Google found that fewer than 40% of respondents used letters, numbers and symbols in their passwords and only 23% realized that password length was important. Most respondents were also unfamiliar with password managers, 2FA and phishing attacks.
Biometric authentication provides a much easier solution that avoids the need for passwords. By looking at unique biological features of a user, such as a fingerprint, face or eye, these technologies can accurately authenticate a user with almost no room for error.
For instance, Apple's iPhones contain facial recognition and its MacBooks include a fingerprint reader to handle authentication. When combined with Apple's built-in password manager, users can create strong passwords once and login with a touch or glance.
The problem for many companies is that it’s challenging to share passwords between colleagues using these technologies. Using solutions like TeamPassword, you can enforce password security and easily share passwords between employees. You can combine the password management with two-factor authentication to improve security, while easily using the passwords via a convenient Chrome browser extension.
Physical Security Keys
Many people believe that two-factor authentication is a sure-fire way to remain secure. After all, how could a hacker ever gain access to your smartphone without stealing it?
Don't forget to download our Data Breach Audit Worksheet to learn if your business is safe from common attacks.
Unfortunately, Twitter CEO Jack Dorsey's hacked Twitter account demonstrated that two-factor authentication isn't a guarantee against attack. Hackers committing SIM fraud call up a cell phone carrier and impersonate victims to get a new SIM card issued. They can then intercept text messages containing two-factor authentication codes to bypass those measures.
Security keys, or hardware tokens, are among the most secure alternatives for two-factor authentication. Since they cannot be duplicated, it's impossible for hackers to gain access to them without physically stealing them. In fact, Google found that requiring hardware tokens for its 85,000+ employees successfully ended phishing attacks.
Artificial intelligence (AI) may be a buzzword when it comes to developing human-like general intelligence, but the technology has already dramatically cut down on cyber attacks.
Modern networking software leverages artificial intelligence and machine learning to identify malicious traffic. For example, a firewall may compare traffic meta data and payloads to repositories of variants of known threats to understand and identify malware. Or, it could apply unsupervised AI to network traffic to detect anomalies.
At the same time, Google G-Suite and other software providers are leveraging AI to help filter out malicious attachments and phishing attempts before they reach users. Google blocks more than 100 million phishing emails every day, while Google Safe Browsing protects four billion devices from phishing and other malicious websites through AI-based threat identification.
The Bottom Line
Data breaches are becoming increasingly prevalent and costly — especially for small businesses. Fortunately, new technologies are making it easier than ever to mitigate risks and prevent attacks. Small businesses should consider adopting these technologies as a low-cost way to reduce potentially catastrophic data breaches.