Three Key Lessons Learned From 2022 Data Breaches
Anurag Lal, President and CEO of Infinite Convergence.
In 2022, it was business as usual for cyber criminals who continued their attacks on businesses across industries. Companies from Twitter to Microsoft to American Airlines to Uber experienced data breaches this year as cybercrime continued to claim more enterprise victims. During the third quarter of 2022 alone, approximately 15 million data records were exposed worldwide through data breaches. That figure was an increase of 37% over the second quarter of 2022.
Data breaches like these have costly consequences, including financial penalties, operational disruption, reputational damage and loss of customer trust. A study by RiskIQ quantified the financial impact of data breaches, revealing that cybercrime costs organizations a whopping $1.79 million every minute. While no company is immune from cyberattacks, the breaches that occurred in 2022 teach some valuable lessons that can help IT leaders avoid the massive business risk facing cyber insecure organizations.
Lesson #1 – Cybersecurity best practices training is essential
Cybersecurity training is essential to building a strong security culture across the enterprise that minimizes cyber risk. That’s because 82% of breaches reportedly involved the human element. As employees remain a weak link in cybersecurity, enterprises should make it a continuing practice to educate them to recognize phishing scams and other threats, understand cybersecurity best practices and recognize the importance of following security protocols to comply with regulations such as HIPAA and GDPR.
Cybersecurity training should also address the ramifications of using unapproved apps like consumer-grade messaging solutions that can increase the attack surface in organizations. Employees should be made aware of how easily hackers can exploit vulnerabilities in consumer-grade messaging apps to gain access to a company’s systems and data and how the ramifications of this can be crippling for businesses. For example, this year in the U.S., regulators from the Securities and Exchange Commission (SEC) and the Commodity Futures Trading Commission (CFTC) fined banking institutions $1.8 billion for employee use of unsanctioned communications apps.
Cybersecurity training coupled with the adoption of enterprise-grade mobile messaging solutions can provide employees with the knowledge and tools they need to ensure business communication is secure and compliant across digital channels.
Lesson #2 – Data encryption is mission critical
Protecting data in transit and at rest requires true end-to-end encryption (E2EE). E2EE makes it impossible for cybercriminals to intercept this data, locking down sensitive information to ensure data privacy, security and compliance.
E2EE is one of the best cyber defenses against threat actors and is mission critical in business applications such as mobile messaging and collaboration technology.
Today, as enterprises turn to mobile messaging and collaboration apps to support hybrid and remote working models, they need uninterrupted security for data at rest and in transit, which keeps messages secure from prying eyes and prevents messages from being tampered with or altered. Business communication that is encrypted by default provides the strong cybersecurity defense enterprises need to protect data and information as it is transmitted from device to device.
Lesson #3 – Reducing the attack surface mitigates risk
One of the simplest ways enterprises can reduce their attack surface and mitigate cyber risk is to use secure-by-design technology solutions. Each solution in the enterprise tech stack should be evaluated on how well cybersecurity is woven into the technology and how effectively it locks out potential threats and vulnerabilities. Organizations should also consider how effectively this built-in data security ensures compliance while enabling efficiency and productivity.
In short, technology leaders should prioritize the data and compliance security of every application before making the decision to deploy it within their organizations.
As we say goodbye to 2022, organizations should prepare for a more cyber secure 2023 by learning these key lessons from the data breaches of 2022. Organizations that take this lessons-learned approach to cybersecurity can avoid being the next data breach headline.