Data breaches have grown not just in prevalence but also in scale, with the most significant intrusions affecting some of the world’s top brands, from Marriott and Equifax to ecommerce giants like Ebay and Target. As a result, businesses are losing not just users and their time-tested reputation but also millions of dollars in stock valuation. If a large corporation with virtually unlimited resources could be hit, imagine the damage that could cause for a smaller business with fewer assets to defend themselves.
But why is this happening? Most of the largest breaches in the past decade were caused by companies leaving their door wide open, making it extremely easy for criminals to access confidential electronic data. Consider Target in 2013, for example, which made headlines when hackers accessed the company’s POS payment card readers through an HVAC vendor, retrieving 40 million credit and debit card numbers. This breach occurred little by little over the span of several weeks. So by the time it was discovered, criminals had collected full names, telephone numbers, email and home addresses of a reported 70 million Target customers. In the end, the breach cost the company $162 million in damages.
While it’s impossible for companies to completely eliminate risk as hackers find different ways to break in, most data breaches could have been prevented well in advance with 24x7 security log monitoring and threat blocking by security analysts. “The best approach,” explains Michelle Perez, SOC Operations Manager at Cyber Security Services, “is to assume a breach will happen at some point, implementing a system to stop it when it does.” For instance, Target could have protected its network with a security monitoring system that would send an alert in real-time when the HVAC vendor or any unauthorized user connected to their internal system—blocking access at the time of intrusion. Beyond this, a network security monitoring system automatically stores log data, providing the record required for regulatory compliance under PCI, HIPAA, GDPR, GLBA, and FERPA.
Bottom line, recent high profile breaches offer an excellent opportunity to learn from the mistakes of others. By putting a proactive network security monitoring system in place, you’re prepared regardless of how many new and inventive ways hackers find to breach your network.
About The Author
Michelle Perez is the SOC / MSSP Operations Manager at Cyber Security Services, a cyber security consulting firm and security operations center (SOC) headquartered in Columbus, Ohio. The company helps organizations meet cyber security challenges through consulting engagements, Virtual CISO Services, and network security monitoring. Learn more about the benefits and importance of network security monitoring at www.cybersecurityservices.com/network-security-monitoring.