While casting blame for your local team’s loss on Sunday may make for great sports talk, asserting blame for your company’s data breach is an uncomfortable exercise of self-effacement. It is a matter that many company leaders are struggling with. According to a recent survey conducted by the Ponemon Institute, 67% of CISOs expect a data breach or cyberattack in 2018.
Phishing emails remain the number one delivery mechanism for ransomware. The ransomware attack on the Lansing Board of Water and Light in Michigan, which forced the utility to shut down its accounting system, email service and phone lines, succeeded because a single employee opened an attachment to a phishing email.
In the simplest terms, the “attack surface” is the sum total of resources exposed to exploit within your enterprise. Defending the attack surface was a lot less complicated when a defined corporate “perimeter” existed, neatly separating a company’s assets from the outside world. But, next-gen technologies (e.g., cloud computing and software-defined networking) have dissolved the perimeter, causing the attack surface to grow exponentially.
Like the GDPR before it, the CCPA is getting a lot of attention because of the rights California residents will have to access data held by companies, to have that data removed, and to prohibit the sale of personal data. The new law, which does not go into effect until 2020, also creates the potential for some eye-popping payments directly to consumers impacted by a breach.
Our businesses are inundated with incidents of ransomware, malware, adware and many other intrusion variants, it’s no wonder that 90 percent of healthcare institutions have been affected, at a total cost of $6 billion a year, according to a recent study from the Ponemon Institute. As we make our way through these threats, one needs to ask; if so many companies offer solutions, and institutions hire top shelf network security engineers, why are there so many breaches?
