Threat actors are lazy. They will not break a window when they can find plenty of houses with the front door wide open. They’re always looking for low hanging fruit to gain access to their target’s network. That’s not to say they’re not skilled and capable of breaking through even the most sophisticated security program. However, when the same result of three months of probing for vulnerabilities can be achieved through a phishing email or an employee reusing their email across multiple sites, why would they work harder than they need to?
This learned behavior exists because so many organizations allow threat actors take the easy route to their data. These repeat victims either don’t or won’t take the necessary steps to at least make them work for their ill-gotten goods. And we’re not even talking about a major security overhaul, just simple, everyday actions that can have a major impact on security risks.
To further illustrate this unnecessary risk, consider that more than 90% of data breaches are preventable and are mainly due to a lack of a comprehensive cyber security strategy.
Luckily, in this case, a simple problem requires a simple, almost common sense solution: put security first.
By prioritizing security in everything thing you do, you’ll remove those “low hanging fruit” vulnerabilities. Here are some steps organizations can take to prevent a data breach:
- C-suite level executives should take leadership on the matter of security and be more hands on in the process. Research has shown that cyber security strategies are more successful when leaders at the highest level of the organization are proactively engaged.
- Educate employees on cyber security good practices and their responsibilities for securing the corporate environment.
- Train employees on common social engineering and phishing threats and how to respond to them.
- Adopt strategies to deal with insider threats which represent about 90% of data breach authors. While regular training can help with negligent employees which represent 70% of attacks, specific approaches are needed to address malicious actors which represent 29% of data breach authors by monitoring for example employees presenting poor performance.
- Build a cyber incident response and recovery plan ready in the case of an attack to minimize data loss and restore business activity.
None of this should sound groundbreaking and hopefully, you’ve already implemented some of these practices within your organization, it’s just that these can’t be overstated. Each of these will make you a bit more secure, especially when combined with the protection from a security provider.
At Armor, we understand the challenge you face when securing your data, that’s why we work closely with each of our customers to develop proactive approaches to defending their sensitive and regulated data from constantly evolving threats.
Together we can make security harder for threat actors, not the other way around.