Symantec named 2013 the year of the mega breach, and for good reason. More than 1.5 million cyber attacks occurred in the U.S. — a 91 percent increase over the previous year. What Symantec could not have known at the time is that the worst was not yet behind us. Every year more and more companies are falling victim to security breaches due to the ever-increasing quantities, sources and types of cyber threats. Despite this alarming increase, too many companies aren’t making IT security a priority until it’s too late.
Take a look at the infographic below to learn more about the internal and external IT security risks facing our cyber environment — no matter what size your business is.
Image Credit – Keys: Flickr/Richard-G
What’s causing these breaches?
Cybercriminals use many methods used by to gain access to company networks. Among the most popular are phishing and malware. In fact, more than 30 million new malware programs are created each year — roughly 82,000 a day. In addition, criminals are expanding their efforts to mobile devices, creating fraudulent text messages that direct users to infected websites.
That being said, companies aren’t just having to defend their networks from external threats. Negligent employee behavior is also a significant factor in exposing networks to criminals. This behavior can stem from poor employee training, using weak passwords or accessing sensitive data through unsecured WiFi. In fact, over 95 percent of employees who work remotely put their company data at risk by using vulnerable networks.
Who is being targeted?
Most media coverage points to successful attacks on companies like Sony, eBay and Home Depot. Large enterprises often become targets of cyber attacks due to the greater payoff for the hackers. And indeed, the fallout from these attacks can be substantial. As an example, Sony reported its 2014 breach cost the company about $15 million in damage control in addition to the revenue it lost as a result of the attack. However, it isn’t just large corporations that are targeted by cybercriminals.
Many attackers also target smaller businesses, as they are perceived to have (and often do have) less robust security measures in place. According to Symantec’s report, 39 percent of spear phishing attacks are directed at small companies, while only 30 percent are directed at large companies.
Investing in effective IT security
While it’s difficult to identify every contingency, investing in proper IT security can protect against the majority of threats. To start, organizations should ensure that every computer or device on its network is protected with the most up-to-date security software. Remember, more than 80,000 new malware programs are created every day. The cost of investing in this software pales in comparison to the money your company could lose as the result of a security breach.
Another area for concern is mobile devices. The introduction of Bring Your Own Device has led to greater productivity, but the downside is that it’s opened the door to more network vulnerabilities. This rapid increase in mobile device use, coupled with the blending of personal and professional apps on the same machine, presents a cause for serious concern. Address these concerns with mandatory security apps and mobile device management (MDM) measures to ensure control over your network.
Once again, proper employee behavior is an important element in protecting company networks. The best way to increase employee awareness is to offer regular trainings from IT and upper management. This is the perfect time to remind employees of the latest threats and proper security procedures.
You wouldn’t leave the front door of your business unlocked — and ignoring IT security is a much greater risk. Take the time to educate your employees and put the proper security processes in place to make sure your company doesn’t end up at the center of the next public data breach.