Don’t Learn You’ve been Breached from Your Customers
How would you like to learn that your company’s network has been breached from a customer, a business associate or even the FBI?
Unfortunately, most companies – 61 percent according to the U.S. Secret Service – find out they’ve been breached from an outside source and usually months after the initial breach.
Many computer security breaches occur today because of the time lag between discovery of a vulnerability and installation of security patches. Firewalls, intrusion prevention systems (IPS), and even anti-virus systems are core components of network security best practices, but they are also pieces that can be comprised by hackers, given enough time and motivation.
Simply stated: traditional anti-virus/anti-malware vendors continue to lag behind online criminals when it comes to detecting and protecting against new and quickly evolving Internet threats.
Traditional security protection alone is not enough. While conventional security assessments are a necessary part of a good network security plan, they only remediate vulnerabilities found during the testing. Few organizations determine whether an attacker successfully exploited the vulnerability during the time frame of exposure before remediation occurred.
A Data Breach Threat Analysis (DBTA) can remedy this oversight.
A DBTA proactively identifies:
- The types of attacks
- The origin of the attacks
- Whether an attacker was successful in exploiting that vulnerability
In 2013, a report by the Center for Strategic and International Studies estimated that, worldwide, the total cost of cyberattacks reached about $100 billion annually in lost revenue, fines and loss of reputation.
Smaller business have become easier targets for cyber criminals due to their limited budgets and staffing. This leads to issues implementing security and (an increase in) the man hours to apply security patches in a timely manner. Smaller businesses often are unable to keep software updated and do not have the staff to maintain a good security posture.