News of major mobile security breaches is becoming a regular occurrence. As cybersecurity threats grow more sophisticated, they’re launching aggressive attacks that leverage malware, ransomware, distributed denial-of-service (DDoS) and other complex strategies to attack dozens of companies at a single time, with victims cropping up all around the world.
These events should strike fear in executives at any enterprise, large or small. However, these instances of breached enterprise security also represent a learning opportunity. Many of the companies struck by these security breaches were unaware of certain risk factors that made them vulnerable in the first place. By studying how these organizations had their security breached, other businesses can address their own liabilities and minimize the associated security risks.
Organizations have every reason to take hard looks at their security. According to research from the Ponemon Institute, the average cost of an enterprise data breach is $3.62 million. Cybersecurity Ventures notes that almost 80 percent of IP traffic will come from wifi and mobile devices by 2025, making mobile technology a critical point of emphasis for companies seeking to shore up their security.
Here are four keys to avoiding the same security mistakes as other major corporations:
Sometimes, the threats can come from within — even in unintentional ways. One major web services provider was taken offline because of an employee’s simple typo that had a domino effect on the rest of the company’s technology. All the company’s web clients were taken offline for several hours while the error was fixed. According to the World Economic Forum, that simple typo cost the company $150 million. These internal technological errors are more common when companies have a complicated internal IT architecture and a wide range of vendors, third-party applications and technologies coming together in a single enterprise environment.
Meanwhile, the growth of IoT devices at the enterprise level has opened the door to DDoS attacks. Cybercriminals are theoretically able to commandeer millions of devices to mount massive attacks that flood internet traffic and bring down websites. These attacks can be prevented by reinforcing the network architecture through placing servers in different locations and creating different networks and pathways for separate data centers so there are no points of failure that can be attacked to bring down a company’s network.
DNS servers are popular targets for security attacks because they control so much of the internet. One recent prominent DNS attack managed to take down several of the internet’s largest websites, including online retailers and social networks.
According to Network World, using multiple DNS providers gives you the flexibility to customize your response so that when certain feedback indicates your primary DNS provider is under attack, you can seamlessly switch to a backup provider and possibly avoid any downtime.
Ransomware attacks have become a popular method of leveraging security breaches to extract money from enterprises that can’t afford to lose critical or sensitive business data. Ransomware essentially takes a device’s data hostage and threatens to wipe it clean if certain payment demands aren’t met.
Some companies feel they have no choice but to pay, but doing so presents its own challenge. Once you’ve shown a willingness to pay the ransom, you’re only more likely to be attacked again. A much cheaper alternative is to invest in secure backups designed to recover machines after they’ve been infected with ransomware. With a backup system in place, you can sit back and let the ransomware wipe your data, only to recover it with minimal lasting damage to the company.
Enterprises can take it one step further by choosing a security vendor that offers early ransomware detection services, helping you identify which devices have been infected as early as possible, which might help the company protect other devices.
Employee error is a serious threat, and it extends all the way to leadership. Furthermore, executive leaders will be hard-pressed to oversee enhancements to mobile security when they don’t understand the cutting edge of the security threats the company faces.
In a research partnership with The Aberdeen Group, Wombat Security found that changing employee behavior can reduce the risk of security breaches by 45 percent to 70 percent. This statistic alone underscores the importance of delivering effective training. Enterprise leaders should consult with their security vendors about training and educational programs that can bring employees up to speed on the latest security threats, as well as how their individual behavior can affect the company’s security for better or worse.
Executives should also seek out instructional technologies that offer training on how to implement strategies to prevent mobile security breaches. IT can only do so much to protect the company’s network architecture. The best security front will require executive buy-in and rollouts of employee training strategies.
Mobile security threats aren’t going away anytime soon. If anything, they will only increase as enterprise activity continues to shift to mobile. Preventing mobile security breaches is often impossible to guarantee, but following a set of best practices and learning from past security failures will help companies minimize risk and improve responsiveness when disaster strikes.