November 6th, 2013 by Mike Dickson
The most recent Verizon Data Breach Investigations Report boldly states that “Some organizations will be a target regardless of what they do, but most become a target because of what they do”.
Most business owners believe their company is not at risk of being hacked (i.e. not a target). They believe other companies are more attractive to hackers; but the data does not support this conventional wisdom.
The facts tell a different story. Did you know?
While it is true that 38% of reported breaches impacted larger organizations, the majority of companies impacted by a security breach have less than 2500 employees; and the largest and fastest growing group within this segment is companies with less than 250 employees.
The majority of GBQ clients fall into one or more of these categories; and each group accounts for more than 20% of all reported intrusions/breaches. It seems virtually no industry is immune from the risk of data security breaches.
Hackers are motivated primarily by financial gain, but there are some troubling statistics showing the undeniable growth in organized state-sponsored cybercriminal activity. Our friends and clients who are part of, or serve in the critical infrastructure space, are prime targets of these international cyber-terrorists.
Many executives don’t understand any data about a company, even a list of employees, has value and can be sold on the hacker exchanges. The data in file servers with sensitive meeting minutes, or engineering CAD databases, or inventory pricing databases are high value targets for hackers. It’s not just about credit card numbers anymore. We know most data breaches eventually result in a breach of a server, but we also know that most of these start with attacks on workstations that when compromised lead an attacker to network connected servers.
What can you do to protect your organizations data? Call a GBQ IT Auditor/ Security Specialist to discuss the variety of free and low-cost security tools that can defend your networks from unauthorized intrusions, or proactively notify you when a suspicious activity is occurring on your internal network.