Data breaches have plagued the public and private sectors for years now, leading to hundreds of millions of dollars in economic damages and tens of millions of identity theft victims annually with no sign of easing any time soon. Small-business owners were not always under the gun when it comes to security, as hackers historically targeted larger enterprises with higher volumes of sensitive data and less control over their IT infrastructure due to size.
However, this is no longer the case. All firms are now at risk of becoming the next victim of breach, and hackers are even looking at entrepreneurial companies more frequently because of their inability to secure data and systems. Last May, Property Casualty 360 reported that more than 60 percent of data breaches originate with small and medium-sized businesses, and that roughly 34,529 events are logged each day in America alone.
Larger organizations are certainly not in any better shape with respect to data protection. SC Magazine reported that a 2015 study from PricewaterhouseCoopers revealed 90 percent of major corporations experienced at least one security event in the 12 months preceding the survey. Now, this makes it clear that the frequency of data breaches, as well as volume of victimized firms, are both going up rapidly and impacting virtually every industry in the U.S. and abroad.
If you would like a rundown of some of the more important topics of conversation in the security arena, check out this video from GigaOM on the matter:
In terms of the cost of breach, the trend is similar to the frequency of events. The 2015 Cost of Data Breach Study from IBM and the Ponemon Institute revealed that the average cost of a breach was $3.8 million in 2014, which marked a 23 percent increase from the year prior. The average cost of a lost record also rose in that time from $145 to $154. Suffice it to say that something needs to change soon to protect the continuity of firms.
Tackling new trends from a security standpoint can help to lower overall risk, and here are four movements that will demand more security attention in 2016:
1. Enterprise mobility
Perhaps the most risky aspect of enterprise IT today, smartphones, tablets, portable computers and mobile apps are continuing to perplex security professionals. The challenges of enterprise mobility are significant, and range from the support of staff members who use these devices to maintaining control of backend systems as the endpoints accessing them begin to rise in number and diversify.
Small-business owners likely already know the critical nature of having a mobility plan in place for modern operations, and 2016 should be the year entrepreneurs make strides in the security aspects of management. Leveraging a more comprehensive range of software, solutions and managed services can help improve protection against breach, all the while reducing the impact of events should they occur.
2. The Internet of Things
This trend is catching on way more quickly than many would have expected a few years ago. International Data Corporation expects the value of the IoT market to reach $1.7 trillion by 2020, following a sustained compound annual growth rate of 16.9 percent between 2014 and the end of the survey period. Small businesses will be able to leverage gadgets for a range of purposes, and should improve operations as a result, but the security risks cannot be overlooked.
The same types of challenges involved in enterprise mobility will be apparent in the IoT, but intensified due to the much larger volume and diversity of devices involved in the latter. Network security, identity and access management, mobility monitoring and data encryption technologies should all be in place by the end of this year to ensure that the IoT is indeed a positive trend, rather than one that exponentially increases risk levels.
3. Big data
More officials are beginning to speak out against the potential pitfalls of big data, specifically as they relate to consumer privacy and information protection. Because companies are beginning to handle far higher volumes of information, coming from a wider range of sources, and are using the files for more complex analytics purposes, these frameworks need to also be given the proper amount of attention from a security standpoint.
"Big data needs to be given the proper amount of security attention."
Should businesses fail to protect the storage environments, as well as software that is used to analyze data, they will almost certainly begin to see their threat levels rise as a result. Studies indicate that the vast majority of organizations have begun to use big data and other advanced analytics solutions, yet there are few signs that security has scaled up proportionately. Without the right techniques and technologies in place to avoid a breach of big data assets, the costs of events can be exponentially higher than would be the case with normal attacks.
4. Network attacks
Distributed-Denial-of-Service attacks have been among the greatest threats to continuity and operational performance in terms of security events throughout the past several years, impacting financial services firms more often than others. In these events, hackers will essentially cut off access to core networks and systems so that they can run free and steal the information they desire without the victim being able to do much of anything about it.
This is also one of the primary ways in which disaster recovery and IT security have begun to intertwine of late, and companies need to ensure that they are taking steps to defend against these particular events given the broad range of potential damages. When networks and other components of infrastructure are managed and monitored properly, though, the risk of experiencing these events will be inherently lower than when entrepreneurs try to go it alone.
In that same vein, managed services can be invaluable in the fight to mitigate threats and strengthen the intelligence of security strategies in small business. Expert assistance will reduce the risks of error and poor planning that lead to breach.