It’s no surprise that the motivation for data breaches is financial. According to the 2020 Verizon Data Breach Investigations Report, 86% of the 3,950 breaches were financially motivated.
By allowing just one unapproved user to gain entry to a corporate network, a data breach can occur, leaving the organisation vulnerable to data loss and theft.
A data breach can also cause reputational damage, too. Companies that have been the victim of a breach must inform their customers that their data has been compromised, spurring additional headaches or even legal consequences.
Exacerbating the situation is the proliferation of devices, applications, and networks that an enterprise must deal with under Covid-19. With employees, contractors, and partners suddenly working and collaborating remotely, and several businesses needing to make workplace modifications to meet new healthcare guidelines, an organisation’s security posture is made more vulnerable.
Below are a few contributing factors:
This year, for most enterprises, their entire corporate infrastructure has had to metamorphose faster and more dramatically than ever before.
To defend the enterprise against cyberthreats, the first step is understanding the organisation’s current security posture, by gaining complete visibility of all of the users, devices, applications, and networks in use by the enterprise, along with all of their associated security settings.
The Challenges of Cybersecurity in the time of covid-19
The proliferation of new endpoints, home routers, and app usage has increased the attack surface and has challenged IT teams to keep up with the growing threat landscape.
Additional Security Measures Through Workforce Vigilance
Firewalls, web content filters, antivirus software and other security point products can only go so far: the entire workforce must be on board with defending the enterprise against cyberthreats.
This means continuous training to help employees identify not only phishing scams but also more subtle attacks, such as adware or man-in-the-middle attacks, that might not be discernible to the average internet user.
Employees may not have the time for formal training—and organisations may not wish to invest the time to develop and deliver formal training. According to the 2020 Training Industry Report published by Training magazine, companies provide on average only 55.4 hours of training per employee per year, which is little more than one hour per week. Nonetheless, informed employees are necessary to defend the enterprise against cyberthreats, and short training modules delivered continuously in the flow of work can help secure employees and the enterprise’s assets and infrastructure.
Enterprise Security Governance and Compliance Need to be in Place
Enterprise security governance, or the strategy for reducing the risk of authorised access to the organisation’s assets, including endpoints, applications, and infrastructure, is key.
More than simply installing firewalls or buying VPNs, enterprise security governance is a complete strategy to develop, deploy, test, and continuously improve an organisation’s enterprise risk management and security policies.
This should be a shared responsibility between IT, operations, legal, finance, and other teams committed to protecting and defending the organisation’s assets.
Further, there may be industry-mandated security measures, such as those required by GDPR and PCI-DSS, with which the enterprise must comply. Legal and compliance teams need to work closely with IT to ensure that these additional data security and privacy measures are in place in order to avoid possible fines and reputational risk.
READ MORE about how your enterprise can stay more secure in the times during and after the pandemic.