More than 2.2 billion records were stolen last year in almost 3,000 public data breaches. The media spotlight was on big-brand mishaps like that of Yahoo (over 1 billion records compromised), but is it safe to assume that small businesses were overlooked by the hackers? Here are all the security lessons we learned in 2016.
You can start by finding your website's vulnerabilities with the Indusface Free Website Security Scan.
Hackers do not differentiate between small and large companies. Their automated tools scan the web for the weakest defenses. An Osterman Research survey reports that 71% of SMEs have suffered a security breach during the previous 12 months. Since these breaches are rarely made public, most SMEs are reluctant to invest in the security measures and personnel needed to protect their brand and their customers' sensitive data. While enterprises usually have the budget to invest in an in-house application security team, smaller companies don't have that luxury.
A few years ago, Gartner found that 70% of cybersecurity threats were at the application layer. However, companies have failed to secure Layer 7 even after all these years. Recently, the Ponemon Institute surveyed 600 IT leaders and found that 49% of businesses have experienced 'Web-based (web application) Attacks', noting these attacks as the most common threat facing businesses today. On the other hand, SANS Institute's IT Security Spending Trends reports that companies still spend more on wireless security and network traffic visibility, which suggests that they still consider their network defenses the best means of protecting their sensitive data. Given that the majority of security vulnerabilities exist at the application layer, it's imperative that SMEs start looking beyond the traditional security approach restricted to the network layer. They must have a plan to manage their web presence.
Hackers have adopted ransomware and application-layer Distributed Denial of Service (DDoS) attacks as new weapons to hold companies to ransom. Last year, when the TalkTalk database was breached, the company received a ransom demand from a group or individual that claimed responsibility. They demanded approximately £80K in Bitcoins. This year, several such incidents have been reported in which hackers threatened to launch DDoS attacks against companies that failed to pay the ransom.
According to a survey, 80 percent of IT security professionals believe that their organization will be threatened with a DDoS ransom attack in the next 12 months. Even more alarming is the fact that 43% of respondents believe it is possible that their organization would pay the ransom demand.
In a survey last year, nearly two-thirds (64%) of consumers worldwide said they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen.
The survey also highlighted that around a quarter (23%) of respondents who have been a victim of a data breach either have considered, or would consider, taking legal action against the breached company involved in exposing their personal information. With customers growing more cautious about their choices, it becomes mandatory for brands to secure not only their money but also their Personally Identifiable Information (PII).
The year 2016 has shattered perceptions of security for organizations around the world. No company is truly secure without shielding the 'most vulnerable' communication layer, i.e. Layer 7, the web application layer. Indusface, through its Total Application Security solution, helps businesses detect, protect against and monitor such application-layer threats, including automated attacks. Offered as a service, it provides full management of the operation using subject matter experts at a fraction of the cost of hiring an in-house team. It includes:
Find out how it secures your business and customers with a Free Forever Plan today.
This post was last modified on May 19, 2021 17:02