With the increasing incidents of data hack every day, companies are on a treadmill to stay ahead of hackers still they are not completely safe.
Last year, private sector companies globally spent more than $75 billion on security software to safeguard their systems and data and now the number is expected to grow by 7% annually. The percentage does not include amounts spent on fraud prevention by banks which is expected to reach into the billions annually.
But even when companies aren’t compromising on security for money, the customer data isn’t completely safe. Data breaches have soared vastly in the last two years and ransomware is one of the biggest emerging problems of the hacking world where hackers demand payment to return sensitive data they’ve stolen or locked up to the rightful owner. Hackers have huge financial incentives to resell employee personal information or corporate secrets.
Hackers are getting smarter with every passing day. They have found ways around existing security software, especially signature-based antivirus (AV) software.
The reason why data breaches are increasing is because companies aren’t deploying security analytics to detect suspicious events. The growth of cloud computing has also put sensitive enterprise data outside the more secure data center. Lack of proper monitoring the security software or setting up sufficient protective cybersecurity policies also ends up in a breach.
“Companies are worse off by 100% compared to 10 years ago because the world is more complicated now,” said Gartner analyst, Avivah Litan.
Meanwhile, Robert Westervelt of market research firm IDC seems more hopeful of the enterprise security future, even though there are many difficulties.
“I don’t think enterprises have gotten worse at cybersecurity, but they are dealing with complexities that they didn’t have to deal with 10 years ago,” said Westervelt.
Similarly many security researchers have been divided on the problem of rising company breaches.
A factor complicating the private sector's cybersecurity dilemma is that companies don’t want to talk publicly about having been hacked, in fear of losing customers or investors. Analysts believe there are much more hacks against enterprises than are being publicly reported. Companies which are performing better in terms of cybersecurity systems don’t tell their achievements in order to avoid any attacks.
Some attacks are widely discussed like the Sony Pictures hack in 2014 and the data breach of retailer Target in late 2013, where PoS malware stole credit and debit card information on more than 70 million customers.
Many other hacks of private sector companies are not detailed in public. A new survey conducted by the Ponemon Institute, an independent research and education group researched on 3,027 IT workers and end-users at U.S. and European organizations found 76% had been hit by the loss or theft of important data over the past two years, a sharp increase from 67% in a similar survey done in 2014.Out of 1,371 end users in the survey, 62% had access to company data that they probably shouldn’t see. IT workers in the survey said negligence by insiders was more than twice as likely to cause the compromise of insider accounts as compared to other factors like external attacks, or actions by disgruntled workers or contractors.
The survey found that data loss and theft was largely due to compromises in insider accounts exacerbated by a far wider employee and third-party access to information than is necessary.Companies continue to fail to monitor and access activity around email and file systems where most of the sensitive data lives.
The level of security varies by industry segment. Healthcare institutions, specifically hospitals mostly have bad monitoring. IDC said in a recent report that hospitals, universities and public utilities rank worst in their security capabilities and practices mostly due to lack of manpower and money.
There is some good news, however, on the front to thwart cyberattacks from nations competing with the U.S. Analysts and companies, such as Duke Energy and Verizon, were encouraged recently when U.S. intelligence officials said they would soon share supply chain threat reports to critical U.S. industries in telecommunications, energy and financial businesses.
Those threat reports will go beyond some of the conventional software means of tracking existing hacks into other companies and locations and hopefully will reveal information about human actors and their potential targets, Litan said.
Keeping up with the ever-evolving, constantly changing cybersecurity is a process private sector will have to keep up with to protect themselves and their customer’s data. Even though companies don’t focus on security, but basic technology must be put in place because all of us live in a really bad world where locks are necessary.