The data loss and your business

Barracuda’s latest research investigates the main causes of data breaches and the risks you may have in your business, school or organisation. The summary below makes interesting reading…

What does a data breach mean for you?

The research reveals that not all data loss carries the same level of business risk. This matters because it enables organizations to focus their security resources accordingly.

Not altogether surprisingly, financial data tops the list of information that, if lost or stolen, would have the greatest financial or operational impact on the organization. Overall, 43% of respondents named this as one their two highest impact data losses.

Other interesting insights include:

• The loss of employee records has the second highest impact (37%) overall. The margin between second and third place (customers’ personally identifiable information, PII, at 36%) is slim, but it is higher for the largest organizations surveyed (40%). This could reflect the fact that organizations often hold more, and more detailed, sensitive, and confidential information about their employees than about their customers. This could be abused by attackers for extortion, to recruit malicious insiders, leave the business exposed to costly lawsuits and compliance breaches, and more.
• The loss of intellectual property has a greater impact on smaller (30%) than larger companies (21%), possibly because smaller businesses rely heavily on IP for competitive advantage and are less likely to have a broader range of assets.
• The loss of emails and informal chats/texts has the greatest impact on larger companies (32%). This could reflect the risk of advanced email threats such as business email compromise, and the need to keep such records for legal disclosure and compliance.

The main causes of data breaches

Respondents were asked about the root causes of data breaches. The findings show how broad digital attack surfaces have become, with numerous points of weakness that can expose networks and data.

The root causes appear to fall into four categories — people, cyberthreats, supply chain, or system fault/misconfiguration.

They include:

• Employee/contractor activity, whether through negligence (a root cause in 42% of breaches) or malicious act (39%)
• IT security oversights — including unpatched vulnerabilities (34%), errors in the system or operating process (41%)
• Third-party mistakes (45%)
• External adversary — hacking (34%), phishing (39%), and viruses or other malware (49%).

Elsewhere in the study, the findings show that one in six (17%) successful phishing attacks resulted in the loss of sensitive and confidential information, rising to more than one in five for organizations in manufacturing (22%), the public sector (21%), and for respondents from the UK (23%) and France (21%).

Many of these potential break points can be addressed through effective security technologies and policies.

Protecting your data

If around one in every two businesses experienced a data breach in the last year, it is not a big leap to assume that over time every organization will experience a data breach. If nothing else, every organization should approach its data security and compliance as if that were the case.

Regardless of the size of your organization, you can’t go wrong by getting the basics right. These include a robust approach to authentication and access, with multifactor authentication as standard and ideally moving towards a Zero Trust approach.

Your IT infrastructure should feature defence-in-depth, AI-powered security technologies that cover and provide full visibility into your entire attack surface and every entry point, from devices to APIs, cloud assets, and more.

Having single pane of glass solutions, such as Barracuda’s SecureEdge, in place will allow you to be ready to respond to, mitigate and neutralize any threat before it moves further along the cyber kill chain.

Alongside this, you need to continuously back up your data. Ensure that all backup data is encrypted, both while at rest and in motion. Apply the gold standard of 3:2:1 — three backup copies, using two different media, one of which is kept offline.

Employee engagement and training is critical. All employees should understand why cybersecurity matters, the latest threats and scams to look out for, and what to do if they spot something suspicious. This can be provided through Barracuda’s Security Awareness Training.

If you would like to talk about any risks or worries you may have regarding your security, email us at sales@pmddatasolutions.co.uk.