Despite news of hacking, industrial espionage, corporate data theft, data leaks and other breaches and assaults on enterprise information coming to the fore and grabbing headlines almost daily, a shocking number of businesses – especially smaller ones – are still under the impression that they are immune to such threats.
“There is still a wrongful belief among small to medium enterprises (SMEs) that hackers and other types of cybercriminals are only after big corporations,” says John Mc Loughlin, MD of J2 Software. “They mistakenly think that they are too insignificant to become targets and that it will therefore never happen to them.”
Results from a survey conducted by the Ponemon Institute reveal that network breaches are already a major problem for small businesses. In this study, SMEs from a variety of industries, including attorneys, health care providers, restaurants and small retailers, were polled.
According to the outcome, 55% of small businesses have already suffered a data breach, and alarmingly, 53% of those were breached more than once. Such breaches carry implications that extend beyond financial losses.
“Companies that have suffered breaches run the risk of violating industry and government regulations as well as local and international statutory compliance regulations such as King III – which for the first time explicitly addresses IT Governance and Data Security – and the New Companies Act, both of which have to be adhered to and followed by all businesses – no matter how small,” Mc Loughlin says.
“The other major implication of a data breach is that companies stand to lose the trust of their customers, especially if the customers are directly affected by the breach by, for example, having their personal information stolen or their privacy violated. It can cause irrevocable damage to a company’s reputation.”
Mc Loughlin says that, contrary to popular belief, the breaches are not always the work of outside parties, but of internal, trusted users.
“Recent statistics show that well over 50% of employees who have lost or left their jobs in the past year have kept confidential corporate data, and 40% of them admitted that they were planning on using that information in their new jobs. But it’s not just disgruntled ex-employees who nab the company data: 56% of employees actually believe that it is not a crime to use a competitor’s trade secret information.”
Yet many employers are so trusting, they still do not think that their employees will steal their data. LogRhythm polled one thousand employers and found that 80% of them do not believe that any of their workers would view or steal confidential information. Another 75% admitted to having no enforceable systems in place to prevent their employees from gaining unauthorised access to company data.
Even corporations aren’t immune to employees stealing information from them. Processor manufacturer AMD made headlines at the beginning of this year when it filed suit against four of its former employees, whom it accused of stealing thousands of documents before leaving to go and work at rival company Nvidia.
“Although many companies do have the necessary policies in place, they have no way of enforcing or controlling them,” Mc Loughlin says. “The truth is that most employers have no idea what their employees are really getting up to on the company network. If they did I am sure all of them would be shocked.”
A solution lies in a combination of internal security management and policy enforcement. A comprehensive solution, focused on policy enforcement by tracking, monitoring and controlling all user activity across your systems, will give your company the ability to monitor, control and report on the activities of individuals or groups of users, both reactively and proactively.
“You simply cannot afford to not know what is really going on,” Mc Loughlin concludes.