Three Cybersecurity Mistakes and How To Counter Them
March 4, 2024
Stuart Madnick, writing in The Harvard Business Review, notes that despite efforts to strengthen cybersecurity, there was a 20 percent increase in data breaches from 2022 to 2023. That continues a longstanding trend of year-on-year increases. He identifies three primary reasons.
Cloud misconfiguration is number one. More than 60 percent of the world’s corporate data is stored in the cloud. In 2023, eight of 10 data breaches involved data stored in the cloud.
Madnick defines misconfiguration as unintentional misuse of the cloud, mainly permissive cloud access; unrestricted ports; and use of unsecured backups.
Misconfiguration can be countered by avoiding shortcuts, making sure that the cloud configuration is set correctly, and verifying that cloud storage is used correctly.
New kinds of ransomware attacks are the second factor. Chief among them are the threat of public disclosure in addition to encryption, and the emergence of ransomware as a service. The latter includes franchise arrangements, purchase or monthly rental of malware, and payment arrangements to accommodate start-up data thieves, splitting the ransom, for example.
Countering these types of attacks requires fast, efficient backups, and prevention of exfiltration and exposure of data. Constant monitoring of data transfers to sites outside your systems and halting illicit transfers are the first steps. Second, only store data in an encrypted format, so that even if an attacker can exfiltrate your data, it cannot be read or disclosed.
Most companies have increased their cybersecurity, which leads to the third factor, accessing data via vendors’ systems. The vendors are often small companies with limited cybersecurity resources. Once attackers gain control of their systems, they can use them to steal their customers’ data.
Counter this threat by using services that provide “cyber security credit scores” to evaluate an organization before doing business with it. Limit each vendor’s access to what is necessary, and monitor data being exported from your systems to detect illicit exfiltrations.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.