Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business Resilience

6 enterprise data breach and cybersecurity defenses

By Richard Barretto
cyber security

Image by Gerd Altmann from Pixabay

July 1, 2022

For those who think cybersecurity is a cost center, imagine the price of living without it. While ransomware dominates the headlines, the real money drain is a good old-fashioned data breach.

How much are we talking about? Loads. According to the 2021 IBM Cost of a Data Breach Report, even one stolen record of user personal identifiable information (PII) costs the big bucks. “Customer PII was also the costliest record type, at $180 per lost or stolen record. The overall average cost per record in the 2021 study was $161, an increase from $146 per lost or stolen record in the 2020 report year,” IBM found.

Additionally, the report found that costs rose 10% from the previous year, representing the biggest increase in the last seven years. PII was not only the most expensive, but was the most commonly breached, accounting for 44% of all stolen records. These records are often found in files, and sensitive files can contain hundreds or thousands of records. One misdirected or stolen email attachment alone can cost an arm and a leg.

1. Just say no to email attachments

Email breaches are raging like a California wildfire. In fact, 93% of 538 IT leaders surveyed in a report from Egress were breached in the previous year thanks to email issues. Meanwhile, 70% of these IT professionals say remote work boosts the risk of email hacks.

Having these messages breached could lead to compliance trouble and more. Recent data breaches have led to lawsuits and reputational damage suffered by targeted companies.

2. Be wary of employees: Past and present 

Organizational files are commonly put at risk by employees. Insider threats — whether malicious or accidental — can represent significant sources of loss and data breach incidents to an organization.

Employees can pose an unintentional or malicious risk to the organization. Depending on their level of cybersecurity knowledge, they could accidentally become susceptible to a phishing campaign or purposefully introduce malware into the organizational network.

3. Protect files: That’s where the data is 

Sensitive organizational data is often stored in Word documents. “Once data is exported from these systems — sometimes for valid business uses, such as [user] segmentation or powering a marketing campaign — it’s easy to lose control over the data,” noted a recent report. “Sending sensitive data in email messages or as attachments results in a broader attack surface for sensitive data, thus increasing the threat landscape if an email account or cloud storage account is compromised.”

4. Be wary of shadow IT 

File-sharing apps are great, especially for simple sharing of non-sensitive files. However, these programs can open enterprises up to cyberattacks by exposing sensitive data.

The problem is these unauthorized apps are breach and compliance fines waiting to happen. An example of how a data breach can occur with shadow IT services involves blocking the prevention of a recently let-go employee's ability to connect to their employer’s network. By storing the ex-colleague's credentials in an anonymous system, it enables the employee to log on at any time and access current company data.

5. How zero trust lowers breach costs

Zero trust security is helpful in blocking breaches and mitigating the impact of any breakthroughs. While zero trust security appears to be ideal for most organizations, unfortunately, too few adopt it. Results from the IBM study showed that just 35% of organizations had implemented a zero trust security approach.

6. Encrypt, encrypt and encrypt some more! 

The number one best practice is encryption. It has been proven to be incredibly helpful in both business and federal sectors due to its effectiveness. Using encryption to protect enterprise data can help provide another layer of protection even if the network is breached.

KEYWORDS: cyber attack cyber security research data breach costs encryption insider threats zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Richard Barretto is the Chief Information Security Officer (CISO) at Progress.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Leadership and Management
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • cyber security

    President Biden signs executive order to strengthen U.S. cybersecurity defenses

    See More
  • cybersecurity-controls-freepik1170x658.jpg

    5 steps to strengthen cybersecurity defenses in wake of Ukraine-Russia crisis

    See More
  • cyber_lock

    The Data Breach Avalanche: What is the Real Reason for Our Crumbling Defenses?

    See More

Related Products

See More Products
  • 9780367030407.jpg

    National Security, Personal Privacy and the Law

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing