It seems that not a week goes by without reports that a large, well known corporation has become the latest victim of data theft following a cyber attack.
Infamous examples of data breaches with hugely negative repercussions during the last 12 months include the Sony Pictures cyber attack incident and the attack on US health insurer Anthem by hackers who stole 80 million personal records.
But despite these high profile incidents, it seems that there are still a worrying number of organisations and businesses that are leaving themselves open to data breaches and cyber attacks. Many also lack contingency plans to guide their response if they do become the victim of cyber criminals.
Research by information services company Experian suggests that UK businesses significantly underestimate their readiness to cope with the full impact of a data breach, with over a third having no data breach response plan in place at all.
The figures also suggest that one in five UK firms have suffered a data breach in the last two years, with 40 per cent of consumers having also been affected.
The problem is only going to get worse, according to Amir Goshtai, managing director of identity and data breach resolution at Experian Consumer Services.
“The prevalence and severity of data breach incidents will continue to accelerate, as will the volume of reported cases,” said Goshtai.
“When coupled with the potential for greater regulation, increased consumer awareness and widespread media coverage, it has never been more important for organisations to be well prepared,” he continued, arguing: “At the heart of any plan needs to be an unwavering focus minimising the impact on their customers.”
Goshtai warned that cyber criminal activity is now more prevalent than ever.
“Already on a single day in February 2015, there was more personally identifiable information illegally traded on the dark web than in a three-month period during 2014.
“Businesses in the UK are facing an uphill battle to protect themselves and their customers,” he added.
The problem is likely to be exacerbated when businesses that don’t have much of a grasp of cyber security issues, launch themselves towards use of connected devices and the Internet of Things (IoT). The desire to jump on the latest technological bandwagon could leave them even more vulnerable to data breaches, with connected devices potentially providing an easy way into networks for cyber criminals.
“The deployment of IoT, especially, will open up innumerable attack surfaces for cyber attackers to leverage,” said Debarun Guha Thakurta, technical insights research analyst at Frost & Sullivan.
“As a result, endpoint and wireless network security for IoT will leap to the forefront of technology development and wide-scale adoption,” he continued, arguing that cyber security providers will need to develop solutions that identify threats “at the point of inception” rather than spotting them only after the damage has been done.
However, despite the looming cyber security threats posed by connected devices and the IoT, Thakurta believes that the security industry will eventually step up to the challenge.
“The integration of futuristic technologies and mechanisms such as predictive threat analytics, machine learning and network and device behaviour analysis will quicken the march towards proactive cyber security solutions,” he said.
“The convergence of neural networks, machine learning and predictive analytics will further lay the foundation for a plethora of next-generation cyber security solutions,” Thakurta concluded.
Nonetheless, there are those who believe that no matter what technological precautions are implemented, data breaches are inevitable.
“Regardless of how good your security is, you’re going to get breached at some point,” Dan Lamorena, senior director in the HP enterprise security group recently told Computing.
“And so even if you’re the best secured organisation in the world, you’re going to be susceptible to your weakest link, which is your people.”