Content

Game on: Why hackers hack

Theft of sensitive data, ranging from employee and customer information to intellectual property, remains at the epicenter of the battle between threat actors and the organizations responsible for protection. Consumers and businesses alike are sharing more data across an ever-expanding digital landscape that includes the cloud, mobile, IoT and more. So, organizations are increasingly challenged with the delicate balance of data use versus associated risk.

Recent Facebook, Equifax and Marriott data breaches demonstrate that no organization is immune to risky security practices. However, the consequences incurred by organizations of this scale are not proportional to what small and medium-sized businesses (SMBs) can potentially face. Armed with massive financial resources, insurance policies, political lobbyists and more, large enterprises have the time, resources and resilience to survive a sensitive data breach. In contrast, SMBs are faced with an ultimatum: evolve or perish.

Unfortunately, evolution at the speed necessary for SMBs to stay competitive requires weighing potential business success versus business risk. While risk is unavoidable, a sensitive data breach does not have to be.

eSentire’s new report on sensitive data security entitled, Know Your Enemy. Know Your Risk, explores the minds of hackers. The report analyzes their motivations for penetrating cybersecurity defenses, their methods, and the most effective ways to reduce your risk. Only 50 percent of organizations think their sensitive data is secure, and a mere 3 percent of hackers agree, according to the research. Hackers are not motivated solely by financial gain. They also enjoy the challenge, status and fun that comes from breaking into the protections around the most sensitive information. The more sensitive the data is, the higher the probability that hackers will attack it.

Knowing your enemy is the first step to protecting your organization. The second step is identifying the threats and minimizing your risks. The report findings offer a clearer sense of:

  • How many businesses have reported a data breach and how much it cost them
  • Why hackers attack sensitive data
  • How hackers get the information they need to breach the most secure environments

eSentire’s research indicates there is a collective lack of confidence in security teams’ ability to detect, respond and contain threats in a timely fashion. Organizations must also consider the financial risk related to their sensitive data. Subsequently, gaps must be filled to mitigate unacceptable levels of risk.

Most SMBs can take preventative measures, such as training employees to take extra precautions in their personal and professional online activities. However, this only goes so far to mitigate the inevitable risk of human error. Further investment in the process and technology necessary to leverage a Security Operations Center (SOC) can be very costly – and many SMBs are not prepared to make the investment. For organizations that lack the expertise or budget necessary to build an internal SOC, Managed Detection and Response (MDR) services are a viable alternative to complement an existing security team’s capability.

To learn more about eSentire’s Managed Detection and Response, visit here.

About the research

This report draws from a compilation of eSentire Security Operations Center (SOC) data reflective of more than 650 organizations spread over more than 50 countries, a survey of 300 North American IT security professionals conducted in May 2019 by eSentire, plus independent research and industry sources including Ponemon Institute and Gartner.

Mark Sangster, vice president and security strategist, eSentire






Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds