
Three Reasons Cybercriminals Continue to Succeed in Breaching Some of the Biggest Brands

By Maxim Frolov
April 10, 2019

In 2018, we witnessed some of the biggest data breaches ever – affecting businesses and consumers alike.

From social media and hospitality to healthcare and even mail delivery, 2018 proved that there is no escaping cybersecurity flaws, regardless of the type of business or its popularity. For example, we witnessed the data of approximately 500 million Marriott guests get breached and a USPS security flaw that exposed the personal data of more than 60 million people.

Not only do these kinds of breaches cause reputational havoc, but with new regulations such as the GDPR taking hold, fines are also a big fear factor for business leaders. According to reports, Facebook’s potential fine for its part in the Cambridge Analytica scandal could reach $1.63 billion – a harsh reality for a global giant like Facebook to face and pay up. Even for small businesses, the idea of paying up to four percent of their annual turnover as a fine isn’t a fun one.

With the average data breach costing enterprises $1.23 million and fines in the billions now at stake, security professionals, like chief information security officers (CISOs), and business leaders need to band together to align their strategies and budgets with the protection needed to stand up to today’s evolving cyberthreats.

You would think this is already happening, but then again, why are cybercriminals so often continuing to succeed in breaching big and small brands?

 

Cybersecurity breaches are unavoidable – protection is a must

According to recent survey results from Kaspersky Lab, almost nine-in-ten (86%) CISOs globally believe that breaches are inevitable. These are the people at the core of protecting an organization’s information and data security, and even they are not confident in being able to mitigate the risk of a cyberattack. And there is a valid reason behind this certainty.

Most enterprises are on a path towards digital transformation, with over half (52%) agreeing that this is the tech trend that will have the biggest impact on the IT security of their organization in the next five years, according to the same report.

Digital transformation widens the attack surface, giving cybercriminals more opportunities to find weaknesses, creep into systems and leak or exploit data. Cloud adoption, the increasing mobility of workforces and the rise in the use of digital channels are all contributing factors here, increasing the risks.

Unfortunately, this isn’t the only factor that CISOs are up against. What if a malicious insider – an employee perhaps – were to single-handedly work against a company, or even combine their efforts with those of an external attacker to help them in through the backdoor, so to speak?

This sort of threat could be especially difficult to identify and prevent in advance. In fact, it’s one of the most feared types of threats among the CISO community, with 29 percent of CISOs agreeing this is the biggest IT security risk facing their organization – second only to concerns about financially motivated cybercrime gangs at 40 percent.

With fears about digital transformation and malicious employees already keeping security professionals up at night, business processes and budgets are causing a further headache for CISOs trying to ensure a proper security strategy.

 

Business budgets for security need to be prioritized

With proof points like rampant attacks and reports on concerns of CISOs, one would think it should be easy to bring business leaders on board with supporting a cybersecurity budget.

Although many may think it’s easy for CISOs to justify the need for their budgets, recent research from Kaspersky Lab has shown that they are actually struggling to get the budgets they require to fight off cybercriminals – which contributes to continued attacks and cybercriminal success.

There are a couple of reasons that the budget isn’t being allocated properly to security:

  • Sometimes security is lumped into the wider IT budget, a budget that is being prioritized for digital, cloud or other IT projects.
  • Most commonly, it’s hard for CISOs to get budget specifically for security purposes because they cannot guarantee that their organization will not suffer a breach.

Proving the ROI in cybersecurity protection presents a challenge, but businesses must side with being prepared, or prepare to live with the fact that they could have done more to protect the company once a breach has hit – or even lose their jobs because of it.

At Kaspersky Lab we think the question: “can you guarantee there won’t be breaches anymore?” isn’t really a question that businesses should be asking.

 

Business leaders are not asking crucial cybersecurity questions

The right questions lead to the right decisions. There are plenty of reasons why the question ‘can we prevent an attack?’ is not the right one for business leaders to be asking CISOs. So what is the right question to ask?

When it comes to cyberattacks, it’s not a matter of “if” but “when” one will occur. So, the crux of the issue really lies in whether a business can detect an attack fast enough and respond in a timely manner to minimize its impact.

When presented with a CISO’s request for an increased budget or a separate security strategy, business leaders should be asking how the money will be used to prevent and detect advanced cyberattacks early on.

Anyone in security will tell you that a “prevention-only” strategy is no longer sufficient. That mindset is out of sync with how businesses today work. When it comes to targeted, highly elaborate attacks, detection and mitigation should instead be the priority for the organization.

Considering the three reasons why cybercriminals are still succeeding today will allow CISOs and business leaders to improve their protection strategy. It’s not about guaranteeing the complete prevention of cyber incidents; it’s about being prepared and raising the price of attacks for attackers. It’s about making an attack unaffordable, and not worth their while.

More importantly, the CISO’s strategy for security needs to be supported by business leaders; otherwise the security team can’t take immediate action when cybercriminals make attempts to interfere with the organization’s network. If CISOs and businesses take the necessary measures and think about the three reasons cybercriminals are succeeding, they will improve their overall IT security strategy and increase their chances of staying out of the headlines as the next big brand being hit by a breach.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.

KEYWORDS: CISO cyberattack data breach data breach costs security strategy

Maxim Frolov is the Managing Director in North America and Vice President of Global Sales, with over 20 years of experience in the IT industry.
