Are you Giving Away your Company’s Data?

November 6th, 2013 by Mike Dickson

The most recent Verizon Data Breach Investigations Report boldly states that “Some organizations will be a target regardless of what they do, but most become a target because of what they do”.

Most business owners believe their company is not at risk of being hacked (i.e. not a target). They believe other companies are more attractive to hackers, but the data does not support this conventional wisdom.

The facts tell a different story. Did you know?

  • 75% of all initial intrusions were not targeting anyone in the first place. These are known as targets of opportunity, or opportunistic attacks. Automated scanners identify specific vulnerabilities and publish the IP address and related weaknesses into hacker discussion groups so real live hackers can come back and exploit the vulnerability.
  • 78% of initial intrusions are classified as “low difficulty” meaning that not even the most basic controls were in place to prevent or detect the intrusion.
  • 66% of the reported intrusions took months to discover. This is because after a hacker secures access to your systems, they discreetly search for more vulnerabilities and collect/aggregate the information they want, so that when their full-scale attack is launched they can download the target data as quickly as possible.

While it is true that 38% of reported breaches impacted larger organizations, the majority of companies impacted by a security breach have fewer than 2500 employees, and the largest and fastest growing group within this segment is companies with fewer than 250 employees.

The majority of GBQ clients fall into one or more of the following categories, and each group accounts for more than 20% of all reported intrusions/breaches. It seems virtually no industry is immune from the risk of data security breaches.

  • 37% of breaches impacted financial institutions
  • 24% impacted those in the retail and food service industries
  • 20% of network intrusions involved manufacturing companies
  • 20% of network intrusions impacted information and professional service firms

Hackers are motivated primarily by financial gain, but there are some troubling statistics showing the undeniable growth in organized state-sponsored cybercriminal activity. Our friends and clients who are part of, or serve in, the critical infrastructure space are prime targets of these international cyber-terrorists.

Many executives don’t understand that any data about a company, even a list of employees, has value and can be sold on the hacker exchanges. The data in file servers with sensitive meeting minutes, engineering CAD databases, or inventory pricing databases are high-value targets for hackers. It’s not just about credit card numbers anymore. We know most data breaches eventually result in a breach of a server, but we also know that most of these start with attacks on workstations that, when compromised, lead an attacker to network-connected servers.

What can you do to protect your organization’s data? Call a GBQ IT Auditor/Security Specialist to discuss the variety of free and low-cost security tools that can defend your networks from unauthorized intrusions, or proactively notify you when suspicious activity is occurring on your internal network.
