What can we learn from the top 10 biggest data breaches?
by Armond Caglar - Senior Threat Specialist, TSC Advantage - Thursday, 21 August 2014.
You can’t blink these days without hearing about yet another data breach. While some may be suffering from “breach fatigue” and becoming jaded, we argue that it’s more important than ever to take cyber threats seriously.

The graphic below presents a list of the top 10 biggest data breaches of the last five years. It identifies the cause of each breach as well as the resulting financial and reputation damage suffered by each company.



Among the top 10 breaches is the well-publicized Target breach, the recent eBay hack and the record-holder for the biggest breach of all time, Adobe. While all of the breaches were rooted in targeted attacks, it’s the specific vulnerabilities that hackers were able to exploit to bypass each company’s security defenses that are notable. For example, two breaches capitalized on insider threats, while a third was linked to poor security. Yet another was the result of unauthorized access to system servers.

These vulnerabilities are common in businesses around the world, but with a holistic and proactive approach to security, organizations can defend against cyber attacks. Below are four important tips to reduce your business’s risk:

1. Identify cyber risks in the physical world. Security leaders and company executives must recognize that cyber security cannot be limited to point solutions and must take into account every potential point of ingress, no matter how mundane, across the entire organization in order to successfully thwart cyber attacks.

2. Shut down the insider threat. The insider threat is not always defined by malicious intent, but the impact of a single mistake or unnecessary network access can be catastrophic. Beyond employees, organizations must also consider vendors, suppliers, contractors, partners and every potential access point those third parties touch.

3. Enforce and reiterate policies and procedures. Policies without training are meaningless. Ensure that all employees and contractors understand your policies and conduct frequent training on proper procedures for handling, sharing and disposing of data, using mobile devices, traveling, and the many other potential areas of risk.

4. Don’t be a soft target. Too many companies don’t take preventive action until they’re already the victim of a cyber attack. Every company, regardless of size or industry, is at risk. Those that take proactive steps to ward off a cyber attack may or may not succeed, but they can deflect an attack by making their businesses harder targets.

When it comes to the cyber threat, one thing is certain: there is no such thing as a risk-free experience. No matter how much money is spent on security point solutions or how well fortified a company’s perimeter is, if a hacker takes aim at your business, he won’t stop looking for a way in, by whatever means necessary. Those businesses that recognize the seriousness of the cyber threat and are proactive in fortifying their defenses will stand a much greater chance of staying off the next top 10 list.

COPYRIGHT 1998-2014 BY HELP NET SECURITY.