“Once more unto the breach, dear friends, once more!”, Shakespeare wrote in Henry V.
Unfortunately, when it comes to the modern “breach” – data breaches – companies can’t afford to simply “try again”. A single attack could mean they go the same way as the French armies in that famous Shakespeare play.
Nearly half of British businesses were faced with a cyber-attack or breach over the last year, according to new research. Clearly, organizations can’t afford to sweep cybersecurity issues under the carpet.
Data breaches can be catastrophic for businesses, both in terms of reputational damage and customer security. Our Cyber Investigators comic story, which focused on a sinister cyber-attack on a social media giant, showed the devastating impact hacks can have.
In the event of a cyber-attack, it is a wealth of data that can be lost, from names, addresses, bank account numbers and sort codes. These could be sold on to criminals on the dark web, which is explained in a separate article “What is the dark web?”
The past few months have seen a long line of cyber-attacks. The mobile network TalkTalk suffered a massive cyber-attack last year, which affected around 157,000 customers and led to a record fine. The tech company, Yahoo, was also the victim of a huge hack, which could have exposed around one billion accounts. What these attacks show is we can’t afford to sweep cybersecurity under the carpet. It must be top of the agenda in the boardroom.
Fortunately, there are steps we can take to minimize the risks of an attack. First, organizations need to use encryption, codifying sensitive data so that even if hackers download it, they can’t decipher it. The keys to unlocking these codes also need to be protected; they need to be changed regularly, while access needs to be tightly controlled. Multi-layered authentication is also a crucial part of any successful cybersecurity strategy. Traditional username/passwords combinations simply aren’t good enough. Organizations need to look at providing employees with additional tokens and even biometric authentication (fingerprints, selfies, iris scanners). You can read more about Gemalto’s unique approach on the Secure the Breach website.
There’s also the delicate issue of when companies disclose a breach. Most attacks happen without anyone knowing, the criminals involved quickly making use of the data they’ve stolen. It’s only when they’re done with it, that they try to sell the data, for instance on the dark web. This is when most companies learn they have been the victim of a breach – and that’s when customers and authorities find out too.
Once the breach has happened, there is very little that can be done.
To conclude, when it comes to enterprise security, it can’t be a case of “we few, we happy few, we band of brothers”. Everyone needs to be taking the subject seriously.