SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Majority of Aussie organisations have been breached in the past year
Mon, 9th May 2016

Results from a recent report by CompTIA have the industry reeling.

According to the study, 63 percent of Australian organisations have experienced at least one security breach or incident over the past year. What's more, mobile security incidents are becoming more prominent. It was found that 71 percent of Australian organisations reported a mobile-related security incident such as lost devices, data policy violation or simply staff disabling security features.

It is statistics like these that cause sleepless nights for IT staff. Once an organisation has been breached, the amount of damage that can be inflicted in a short time is immeasurable.

ESET, a digital protection company, has observed this significant increase in security breaches in organisations and has commented on how to identify and prevent this security risk.

"The information stored by organisations can be very valuable and profitable for e-criminals," says Nick FitzGerald, senior research fellow at ESET. "We have seen an increase of these breaches as there is more and more data available such as customer names, addresses, social security numbers and so on."

FitzGerald affirms that one of the major problems plaguing modern organisations is that security breaches can come from anywhere: from failing to install a proper security system, to compromised credentials, to simple human error.

"Security breaches often come from issues with passwords," FitzGerald says. "Generally, the security afforded by passwords is overestimated, being further weakened by users sharing passwords across organisations, devices and even with colleagues. Organisations don't always realise they put their data at significant risk by allowing this."

How to avoid security breaches

Fortunately, there are a number of ways in which your organisation can improve security and avoid costly breaches. FitzGerald outlines a few below:

  • "A good, cheap and easy option would be using two-factor authentication, based on one-time passwords, possibly generated in users' mobile devices
  • Of course, having an appropriate security solution, email spam filter and a web application firewall is always a good thing
  • Make sure former employees can't access any systems to avoid any future breaches
  • Store the minimum information required to avoid massive data breaches"

A data breach can cause significant downtime and even shut down an organisation for good. Breaches can be very expensive to fix, so it is vital not only that essential security measures are put in place, but also that the defence is continually tested for weaknesses.