Companies targeted by cyber-criminals
Whether your company is a big or small enterprise, there is a good chance that it could be a target for hackers and cyber-criminals. An important operating item many enterprise companies do not budget into their annual costs, and most notably spend time on is cyber security. This is usually due to limited IT resources or budget constraints. There are some instances when an organization will purchase cyber security tools and services, such as deploying security appliances and anti-malware solutions, then rarely have the time and resources to keep up with routine maintenance and monitoring all the possible issues that arise. These security measures also need to be routinely assessed too, as well as regularly updated with the latest signatures. Because of this, it is critical that cyber security is an ongoing process as part of a business function.
Cyber security incidents continue
Recently, on September 7, Equifax announced a cyber security incident which has potentially impacted 143 million U.S. consumers involving their personal information including addresses, birth dates, Social Security numbers, and even driver’s license numbers. Credit card numbers were also accessed for approximately 209,000 U.S. consumers, as well as certain dispute documents with personal identifying information for 182,000 U.S. consumers. After the September 7 incident, Richard F. Smith, chairman and chief executive of Equifax, did acknowledge that “confronting cyber security risks is a daily fight.”
Security must be ongoing
Equifax was also criticized by cyber security professionals after this breach happened for not improving its security practices after the past two breaches that occurred in 2016 and earlier this year in 2017. In these previous breaches, cyber-criminals accessed critical W-2 tax and salary data from the Equifax website and stole W-2 tax data from an Equifax subsidiary.
Though I am not insinuating that Equifax did not have an ongoing process for their cyber security, by any means, this is merely a perfect example of how shifting to the mindset of applying cyber security as an ongoing process for any organization can be critical to a business. The most important thing to realize is to not only focus on the current threats, but the threats of tomorrow and beyond.