Stolen identities, not hackers, are the main reason for security breaches, says a recent report compiled by Verizon.
The Data Breach Investigation Report, released late last month, shines a disturbing light on security breaches and how they happen. Those breaches, the report explains, have become a more common occurrence in the computing world with an average growth of 66 percent annually since 2009. In 2014, 43 million breaches were reported by 9,700 companies.
However, companies can protect themselves, the report indicates, by ensuring only a limited number of people have access to important information.
“The more people granted access, the bigger the target you offer to attackers, and the greater the risk of accidental or deliberate misuse by staff,” the report states. “Access should be limited on the basis of ‘need to know’ or ‘least privilege,’ giving each individual the minimum privileges and access to data required to perform their role. This should include frequently overlooked systems managing physical security controls, like badge readers.”
As Computer World reported, companies can protect themselves by following basic rules: keeping anti-virus software up to date, patching and maintaining systems as needed, and maintaining employee awareness of malware and phishing schemes.
The report, though, sums it up nicely by noting that too many companies still leave compliance and protection solely to their security teams.
That approach provides only some protection, as it “is not only expensive and disruptive, but doing so leaves them more vulnerable to data breaches caused by changes to processes or infrastructure that happen between assessments. The answer is to fully integrate compliance into the context of your organization’s larger governance, risk, and compliance (GRC) strategy, and make it part of day-to-day activities.”