Debunking the myth that cyber attacks usually hit large companies, the report calls SMBs “soft targets,” reasoning that these companies have valuable data but lack effective cyber-security controls and trained cyber-security personnel.
Insiders have traditionally been thought of as current or former employees or contractors who use their authorized access to an organization’s system and data to conduct or assist cyber-criminal activity. But employees who make poor decisions about the organization’s cyber-security program can also dramatically increase the risk of attack.
In 2017, Verizon became the M&A cyber risk poster child when it learned shortly before its purchase of Yahoo that Yahoo had suffered two of the largest data breaches in history, in 2013 and 2014, affecting 1.5 billion users. Ultimately, Verizon shaved $350 million off the purchase price.
A former-employee-turned-whistleblower revealed that Facebook never audited the application developers it allowed to access its data to confirm they were using the data according to terms. Facebook subsequently announced it would conduct a thorough review of all application developer use of its data.
The cyber threat environment is more sophisticated than ever, and nation-states have increasingly played a role, often in coordination with other actors. Even the best chief information security officers are evaluating their programs against current threats and beefing up.
By September, the civil rights office had more than 400 such cases under investigation, with more than 200 reported thus far in 2018. The office lists the types of breaches as hacking/IT incident, unauthorized access/disclosure, theft, loss and improper disclosure.
Everyone was afraid of what could happen to company data or operations in the hands of a third-party provider. Today, however, these vendors seem like a safe haven compared to the risks and costs associated with running an in-house data center and cyber-security program.
Call Today!