
Three Reasons Cybercriminals Continue to Succeed in Breaching Some of the Biggest Brands

April 10, 2019
Maxim Frolov

In 2018, we witnessed some of the biggest data breaches ever – affecting businesses and consumers alike.

From social media and hospitality to healthcare and even mail delivery, 2018 proved that there is no escaping cybersecurity flaws, regardless of the type of business or its popularity. For example, we witnessed the data of approximately 500 million Marriott guests get breached and a USPS security flaw that exposed the personal data of more than 60 million people.

Not only do these kinds of breaches cause reputational havoc, but with new regulations such as the GDPR taking hold, fines are also a big fear factor for business leaders. According to reports, Facebook’s potential fine for its part in the Cambridge Analytica scandal could reach $1.63 billion – a harsh reality for a global giant like Facebook to face and pay. Even for small businesses, the idea of paying up to four percent of their annual turnover as a fine isn’t a fun one.

With the average data breach costing enterprises $1.23 million and fines in the billions now at stake, security professionals, like chief information security officers (CISOs), and business leaders need to band together to align their strategies and budgets with the protection needed to stand up to today’s evolving cyberthreats.

You would think this is already happening, but if so, why do cybercriminals so often continue to succeed in breaching brands big and small?

Cybersecurity breaches are unavoidable – protection is a must

According to recent survey results from Kaspersky Lab, almost nine-in-ten (86%) CISOs globally believe that breaches are inevitable. These are the people core to protecting an organization’s information and data security and even they are not confident in being able to mitigate the risk of a cyberattack. And there is a valid reason behind this certainty.

Most enterprises are on a path towards digital transformation, with over half (52%) agreeing that this is the tech trend that will have the biggest impact on the IT security of their organization in the next five years, according to the same report.

Digital transformation widens the attack surface, giving cybercriminals more opportunities to find weaknesses, creep into systems and leak or exploit data. Cloud adoption, the increasing mobility of workforces and the rise in the use of digital channels are all contributing factors that increase the risk.

Unfortunately, this isn’t the only factor that CISOs are up against. What if a malicious insider – an employee, perhaps – were to single-handedly work against a company, or even combine their efforts with those of an external attacker to help them in through the back door, so to speak?

This sort of threat could be especially difficult to identify and prevent in advance. In fact, it’s one of the most feared types of threats among the CISO community, with 29 percent of CISOs agreeing this is the biggest IT security risk facing their organization – second only to concerns about financially motivated cybercrime gangs at 40 percent.

With fears of digital transformation and malicious employees already keeping security professionals up at night, business processes and budgets are also causing headaches for CISOs trying to ensure a proper security strategy.

Business budgets for security need to be prioritized

With proof points like rampant attacks and reports on concerns of CISOs, one would think it should be easy to bring business leaders on board with supporting a cybersecurity budget.

Although many may think it’s easy for CISOs to justify the need for their budgets, recent research from Kaspersky Lab has shown that they are actually struggling to get the budgets they require to fight off cybercriminals – which contributes to continued attacks and cybercriminal success.

There are a couple of reasons that the budget isn’t being allocated properly to security:

  • Sometimes security is lumped into the wider IT budget, which is being prioritized for digital, cloud or other IT projects.
  • Most commonly, it’s hard for CISOs to get budget specifically for security purposes because they cannot guarantee that their organization will not suffer a breach.

Proving the ROI in cybersecurity protection presents a challenge, but businesses must side with being prepared, or prepare to live with the fact that they could have done more to protect the company once a breach has hit – or even lose their jobs because of it.

At Kaspersky Lab, we think the question “can you guarantee there won’t be breaches anymore?” isn’t really a question that businesses should be asking.

Business leaders are not asking crucial cybersecurity questions

The right questions lead to the right decisions. There are plenty of reasons why the question ‘can we prevent an attack?’ is not the right one for business leaders to be asking CISOs. So what is the right question to ask?

When it comes to cyberattacks, it’s not a matter of “if” but “when” one will occur. So, the crux of the issue really lies in whether a business can detect an attack fast enough and respond in a timely manner to minimize its impact.

When presented with a CISO’s request for an increased budget or a separate security strategy, business leaders should be asking how the money will be used to prevent and detect advanced cyberattacks early on.

Anyone in security will tell you that a “prevention-only” strategy is no longer sufficient. That mindset is out of sync with how businesses work today. When it comes to targeted, highly elaborate attacks, detection and mitigation should instead be the priority for the organization.

Considering the three reasons why cybercriminals are still succeeding today will allow CISOs and business leaders to improve their protection strategy. It’s not about guaranteeing the complete prevention of cyber incidents; it’s about being prepared and raising the price of attacks for attackers. It’s about making an attack unaffordable, and not worth their while.

More importantly, the CISO’s strategy for security needs to be supported by business leaders; otherwise the security team can’t take immediate action when cybercriminals make attempts to interfere with the organization’s network. If CISOs and businesses take the necessary measures and think about the three reasons cybercriminals are succeeding, they will improve their overall IT security strategy and increase their chances of staying out of the headlines as the next big brand being hit by a breach.

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine.

Maxim Frolov is the Managing Director in North America and Vice President of Global Sales, with over 20 years of experience in the IT industry.
