Nov 12, 2015
Last year, the average cost of a company data breach was a staggering £2.3 million. Worse still, the costs of data breaches are increasing, year-on-year, with 2014's average cost up 15% from the previous year. It's clear that company data breaches are a serious (and growing) problem for organisations. So how can we guard against them?
The Cause of Company Data Breaches
It's a common assumption that most company data breaches can be attributed to problems with technology and vulnerabilities in software. However, the majority of data breaches can be attributed to the people using the technology: users who engage with software and technology in an insecure way, and so pave the way for hackers to compromise secure systems and retrieve sensitive information.

Research shows that human error is responsible for 52% of all security breaches, and that 91% of successful data breaches rely on the manipulation of an organisation's employees and customers, using spear phishing and social engineering attacks.

In other words, insecure technology isn't your biggest problem. With 9 out of 10 company data breaches facilitated by employees and users taking insecure actions, it's people that pose the biggest security risk.
Reducing the Risk of Data Breaches
There's no doubt that technology solutions, like anti-virus software, anti-malware software, firewalls and proxy servers, can help improve security - but without addressing the human risk to security, your organisation will struggle to reduce the likelihood of a serious company data breach.

To take action on the cause of 91% of data breaches, you need to get to the heart of the problem. You need to improve the way employees and users engage with secure systems and secure information. You need to improve the security awareness of your entire organisation.

So how can we achieve that?
1) Roll-Out Security Awareness Training
As the costs of a successful data breach continue to increase, security awareness in the workplace is increasing too. Still, 46% of organisations offer no form of security awareness training.

From the C-suite to junior employees, data breaches can be triggered by anyone within your company. So, to protect against data breaches, your organisation needs to roll out a mandated security awareness training program across the entire organisation.
2) Tackle the 8 Principles of Security Awareness
Data breaches can be triggered by all manner of different mechanisms, including malware, device theft and phishing. A well-rounded security awareness program will tackle each of these potential issues, offering employees and users advice on the characteristics of each attack vector and the best practices that can help avoid them:
- Malware awareness
- Social engineering
- Password security
- Email security
- Physical security
- Mobile device security
- Travel security
- Phishing awareness
Learn more: 8 Essential Components of an Effective Security Awareness Curriculum
3) Use the S.O.C.I.A.L. System
If you're struggling to structure your security awareness training, it can be helpful to adopt the SOCIAL framework, which offers six essential tenets of security awareness that can be taught, quickly and easily, to your organisation’s entire workforce.
Learn more: How to Use the SOCIAL System for Employee Security Awareness Training

You've improved security awareness. Now it's time to tackle application security. Download our whitepaper below.