Plugging the Leak
Two of the biggest mistakes an organization can make when it comes to the loss of sensitive data are denying the potential risks and consequences of a breach and not having an ability to detect leaks, if one should occur. Many people place all their faith in protective technologies like firewalls and antivirus software, believing these together form a comprehensive and impenetrable defence against cyberattacks.
A recent Canadian study by the Canadian Internet Registration Authority (CIRA) indicated that 32% of organizations had unwittingly divulged sensitive information due to phishing attacks. This same report showed 19% of organizations have been hit by ransomware, a threat which can leak data or destroy it completely.
Perhaps the biggest misconception about cybersecurity threats is that they target specific organizations or specific data of value, such as national security secrets. While targeted threats like this definitely exist, this won't-happen-to-me attitude couldn't be further from the truth in the general case. The majority of attacks are cast widely, catching as many victims as possible, regardless of their potential monetary or strategic military value.
When combined with the lack of cybersecurity training for personnel and advanced defensive technology, it's easy to see why small businesses are often hit the hardest by cyberattacks.
Sealing the Leak
Any good program for reducing the likelihood of a breach must take a comprehensive approach, tackling the risks associated with people and processes, not just technology. Many standards have been published to assist organizations with getting started. One of the more popular cybersecurity frameworks is published by the National Institute of Standards and Technology (NIST). It provides guidelines for organizations to develop, maintain, and improve their security posture.
Regardless of which approach your organization takes, remember that there is no silver bullet. Breach is inevitable for most organizations and the best we can strive for is reducing the impact to customers, shareholders, the business, and the global community.