Don’t Let ‘Desensitization’ Undermine Your Cyber Security Strategy
You’ve probably been hearing about the risks of ‘breach fatigue’ for a while now.
Breach fatigue is when people stop noticing all the news about cyber security breaches (because it’s so constant) and become desensitized and less concerned about protecting confidential information.
6 reasons why desensitization may be occurring.
By The Numbers: A recent survey by National Cyber Security Alliance found that over half of all Americans received multiple data breach notifications last year. Businesses had their fair share too – the AT&T Cyber Security Insights report showed that businesses suffered nearly 43 million security incidents in 2014, an increase of 48% compared to 2013 and equaling about 117,000 incoming attacks every day.
Confusion: Some people think data breaches are just a debit or credit card problem. But according to a trendmicro.com paper, the healthcare sector accounted for more than a quarter of all breaches (26.9%). The education sector accounted for 16.8%, government agencies, 15.9%, and retail, 12.5%.
Attitude: “There’s a general feeling that there's little consumers can do to prevent these incidents,"said Dave Frymier, chief information security officer at Unisys, in an online story. A recent Ponemon study found that 32% of respondents did nothing after receiving a notification of a data breach.
Minimal Consequences: “The majority of people have not been personally harmed by cyber crimes because the losses are absorbed by businesses and financial institutions," Frymier said.
Misinformation: Small- and medium-sized businesses think they’re not on information thieves’ radar. But Symantec’s Internet Threat Intelligent Report showed that 60% of targeted attacks in 2014 struck small and medium sized businesses.
Staffing Issues: A recent study by Ponemon showed that 70% of companies said their information security department was understaffed. It has been forecast that 40% of IT security jobs will remain unfilled in 2015.
Breach fatigue is actually inviting – and allowing – information thieves to commit identity theft and other crimes.
What’s important to remember is “there’s no finish line in security,” said one industry executive. The challenge is knowing how to reduce data breach risk and keep information security top of the mind.
Here are best practices that make a difference.
- Establish security roles and responsibilities in the company. Appoint a Chief Information Security Officer (CISO). Look inside the company to grow other security professionals and provide specific training.
- Create a written cyber security policy, and support a culture of security from the top down.
- Ensure all employees are trained in security policies and procedures including Internet usage, responsible email usage, mobile devices security, and social engineering.
- Secure the organization’s network and hard drives. Regularly monitor, review and update information security practices, systems and software.
- Use a security assessment to identify vulnerable areas. Create a data breach response plan.
- Vet all third-parties that have access to your network systems.
- Partner with a document destruction company for secure e-media and hard drive destruction. Secure media destruction means that confidential information is 100% non recoverable.
Don't let desensitization to breaches be a detractor to your cyber security.