A new report from Verizon found that organizations across multiple industries compromised mobile data security due to a lack of awareness about threats - or by placing a higher priority on getting products to market. The first annual Verizon Mobile Security Index 2018 seeks to raise awareness of the current mobile security landscape, and provide recommendations for protecting the mobile enterprise
More than 60 percent of respondents said a "lack of understanding of threats and solutions" was a barrier to mobile security, but nearly one-third "admitted to sacrificing mobile security to improve business performance."
Businesses reported all-time high levels of fraud, cyber and security incidents during 2017, according to senior corporate executives surveyed worldwide for the 2017/18 Kroll Annual Global Fraud & Risk Report.
About 84% of companies surveyed worldwide experienced a fraud incident in 2017, according to the report.
The proportion of executives reporting that their companies fell victim to at least one instance of fraud over the past 12 months increased to 84%, from 82% in the previous year. Levels of reported fraud have steadily risen every year since 2012, when the reported occurrence was just 61%.
Does your favorite yoga studio or local ice cream shop have a cybersecurity risk management plan? If not, they may be putting their sensitive data- or yours- at risk of cybertheft.
According to new research from insurance firm Nationwide, a significant percentage of small businesses may not know they have been a cyberattack victim due to a lack of understanding as to what constitutes a cyberattack.
Nationwide’s annual survey of business owners found that 13 percent said they experienced a cyberattack.
However, that number jumped to 58 percent of owners who identified as victims when shown a list of specific examples of attacks, including phishing, viruses and ransomware - revealing a 45 percent gap in lack of understanding about what constitutes an actual attack.
Creating a culture of security, as you’ve likely gathered, is not a static process. The key to staying ahead of cybercriminals is consistent review and updates. A common mistake organizations make with their security awareness program is failing to plan long term. Often times, they get caught up in the initial roll-out of their training, but forget to plan on updating their program periodically. New types of attacks are consistently generated, so it is important that senior management and the IT department work together to stay ahead of the hackers. The key to maintaining a strong security posture is consistent review and updates.
The process of creating a security culture does not end after awareness training is complete. In fact, each of the preceding steps in this series have built upon one another to get your organization to this point. Now is when the ongoing task of keeping cybersecurity front-of-mind begins.
If you’ve followed our first three steps for creating a culture of security, you’ve set you, your employees, and your organization up for success in these final two steps. The assessment has revealed key strengths and weaknesses in your current cybersecurity environment. Creating buy-in has developed the framework for a company that values security. Your awareness training has provided all key stakeholders with the necessary tools for spotting and mitigating potential cyberthreats.
If asked to describe your cybersecurity awareness training program, what would you say? What does your training consist of? How often does training occur? Are employees engaged in the training? How often do you update the content? Do you follow up on what was taught after the training concludes?
If you were asked to answer any of these questions, you may quickly realize that your cybersecurity awareness training is inadequate. Worse yet, you may recognize that your training plans are a massive waste of time and resources.
Security comes down to three things: people, process, and technology. Process and technology, are largely handled by senior management and the IT department. Yet, people remain the leading cause of data and security breaches, with human error responsible for 52 percent of such incidents.
While this high rate of incidence is largely due to a lack of training - which we’ll discuss in our next post - the process must begin by developing a company culture that values data security.
The responsibility for protecting the company’s assets, including employee and customer data, is one that must begin to be seen as shared rather than assigned.
You wouldn’t take a road trip without first checking your oil and tire pressure, or fly in an airplane that hasn’t had its regular safety check. Similarly, you shouldn't initiate company culture change without first assessing your current security posture. The initial assessment will expose critical risk factors and set the course for policy and procedure updates. Some organizations embark on a program to strengthen their security infrastructure without first performing a comprehensive assessment. That’s a mistake. They risk misallocating resources and failing to address their most critical vulnerabilities.
In 2016, we saw Hillary’s emails exposed on Wikileaks, the Democratic National Convention (DNC) email leak, taxpayers affected when the Internal Revenue Service (IRS) was hacked, U.S. Department of Justice breach exposing 20,000 FBI employees, Verizon customer data exposed, San Francisco’s public railway system shutdown, and most recently Yahoo’s billion account hack. The theft of Protected Health Information (PHI) continues to accelerate, with over 15 million patient records compromised in 2016. The FBI estimates that ransomware will be a 1-billion-dollar industry this year. Consumer identities are stolen hundreds of thousands of times, per day, and sold on the black market (The Dark Web) to the highest bidder. This disturbing trend continues to build with no signs of slowing down.