Threats that affect data breach preparedness

Published: March 22, 2019 by Michael Bruemmer

If you attended RSA Conference 2019 in San Francisco, one of the largest cybersecurity conferences in the world, you probably heard a lot of chatter surrounding third-party security risks, the skyrocketing number of endpoints and the lack of visibility of what users are able to access, and concerns that cloud security isn’t keeping up with cloud innovation.

The chatter surrounding these issues isn’t surprising. They are three top concerns affecting data breach preparedness, according to a report released by Experian and Ponemon Institute. The “Sixth Annual Study: Is Your Company Ready for a Big Data Breach?” stated, “respondents continue to recognize the difficulty in dealing with the lack of visibility into end-user access of sensitive and confidential information and proliferation of cloud services as serious barriers to responding to a data breach.”

Barriers to Responding to Data Breaches

When asked what they consider the biggest roadblocks to improving data breach response, the lack of visibility into end-user behavior, the rise of cloud services, and a lack of security practices in place for third-party access stood at the top of the list of concerns; however, it appears that organizations are slowly working on their preparedness efforts in each of these situations. In 2016, for example, 73 percent said end user visibility and behavior was a barrier to positive data breach response, but in 2018, that number is at 63 percent—still high, but it is less of a concern. Cloud security and third-party risks had similar drops. But it raises this question: is it because of internal efforts to address these vulnerable areas or is it because new areas are moving into the picture.

There has been a slight increase in the numbers who say the proliferation of mobile devices and the lack of understanding surrounding unsecured IoT devices are creating barriers to data breach response success. This is not surprising, considering that both mobile and IoT incorporate end-user access, cloud services, and often third-party access, as well as bring their own sets of issues. Phones are easily lost or stolen, and we’re still early in learning how much data IoT devices generate.

Ransomware Gets the Headlines, But Spear Phishing the Real Problem

The report also found that most companies have no confidence in their ability to deal with ransomware or spear phishing attacks. “Despite efforts to educate employees about the threat of ransomware and spear phishing, only 21 percent of respondents are very confident in their ability to deal with ransomware and only 25 percent of respondents are confident about their ability to minimize spear phishing incidents,” the study stated.

Also, more companies have been impacted by a spear phishing attack than by ransomware. Although ransomware has made a lot of headlines over the past couple of years due to loss of service due to high-profile attacks, this type of malware has actually been on the decline. According to security company Check Point, only four percent of global organizations reported a ransomware attack in 2018, compared to 48 percent of organizations in 2017.

Phishing, on the other hand, continues to climb sharply. A report from Microsoft revealed that phishing attacks increased 250 percent from January to December 2018. Spear phishing takings phishing scams to a higher level. The email appears to come from a trusted source, like a co-worker or vendor, and it usually includes information that is meaningful to the recipient. Spear phishing attacks use tactics such as domain spoofing (email address and website domain match), user impersonation, credential requests that look legitimate, and malicious attachments the user downloads, thinking it is from a known source. It’s no wonder, then, that the Experian data breach preparedness report found 69 percent of respondents said their organization was negatively impacted by spear phishing attacks, compared to 38 percent who said  they were impacted by ransomware.

More Organizations Preparing for Ransomware Attacks

Even though companies are reporting fewer ransomware attacks and only about one in five organizations feel prepared to address attack, they recognize that they need to take action before disaster strikes. That’s why more organizations reported they are increasing data backup and developed continuity plans to address potential network outages if a ransomware attack occurs,

There is also a steep rise in employee education efforts. The number of respondents who said they are educating employees on ransomware risks has doubled from 2016 to 2018. Overall, the attitudes toward ransomware have clearly shifted over the past two years.

Improving Preparedness by Sharing Information

Technology that makes our work lives easier also not only increases our risk of a data breach but also how well we can respond to them. One solution to improve data breach preparedness is to share information about data breach experiences and incident response plans. “Fifty-one percent of respondents say their organization participates or plans to participate in an initiative or program for sharing information with government and industry peers about data breaches and incident response,” the report said. This is one area that has stayed consistent over the years, as organizations see the benefit in discussing the threat environment to improve their own security posture. In fact, companies that did not report being the victim of a data breach are most likely to participate in programs that share and disseminate cyber information.

Data breaches will continue to happen; the bigger question is whether you are prepared to respond. Knowing the vulnerable points in the organization and sharing information with peers will help improve your overall preparedness stature.