Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Get access to immediate incident response assistance.
Get access to immediate incident response assistance.
Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More
Data breaches are such an anxiety inducer because you never know when they're coming, you're often slow to address them - meaning attackers may have full run of your network before you even know they're there, and you may be unsure, at least initially, what the end goal is.
The intruders may be determined to steal personal information, such as credit card and Social Security numbers, that can be used for identity theft. Maybe they're after a different type of data, like intellectual property, which they can leverage for blackmail. Or perhaps they'll eschew the theft goal altogether and just want to surveil or sabotage your operations.
And when data compromises do happen - and they are an almost virtual certainty - they'll deliver an enormous financial blow in terms of downtime, clean-up, lost productivity and sales, customer attrition and more.
Indeed, data breaches are extravagantly costly and take on many shapes and sizes - but they are all addressable by taking generally similar steps. The guidance below is lifted directly from the 2017 Trustwave Global Security Report, and you will notice while there are some technical advisements sprinkled in, many of the recommendations are pretty obvious.
That's because contrary to what movies depict, cybercriminals don't need to conjure up some elaborate plan to infiltrate a target organization. Oftentimes, the front door is conveniently held open for them through, for instance, an unpatched application or a weak password or an employee who falls for a phishing message.
Here's a reality check for your bosses and stakeholders: You can never create a completely fortified environment because risk is always at play. Patching can take days or weeks at a time and cost a lot of money, strong passwords can be cracked or evaded, and human psychology is such that you can never create a perfectly security-conscious employee.
But you can lower your propensity to be compromised and the damage that hackers can cause once they're inside. You most certainly can reduce your exposure while simultaneously growing your ability to respond and restore faster. You just need to be defiant and smarter. The steps below provide a baseline of what you should be doing.
One of the underlying - but not-so-secret - causes of data breaches is the prolonged security skills shortage facing many organizations. Above, we laid out the fundamentals you should be applying at your business to resist breaches, but the fact is your adversaries are growing more sophisticated, which is necessitating an equally advanced response.
Calling in the outside experts is becoming more of an imperative, both as a proactive measure to help you improve your detection and threat hunting capabilities - particularly on endpoints, where attackers typically establish their initial foothold - and also to aid with incident readiness and response efforts.
Dan Kaplan is manager of online content at Trustwave.
Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.
Copyright © 2024 Trustwave Holdings, Inc. All rights reserved.