Shulou(Shulou.com)06/01 Report--

Original: safe Niu

Today, data security has become a top priority for companies, consumers and regulators.

In recent years, data breaches and privacy incidents have become more and more common and costly. A study by Risk Based Security found that data leaks increased by more than 54 per cent compared with the same period last year. Meanwhile, IBM's annual data breach cost report found that the average total cost of data breach was close to $4 million.

Obviously, as privacy and security become the new symbol of the digital age, data security and privacy will be the top priority for enterprises in 2020. Below we summarize 20 kinds of data security risks that enterprises may face in 2020.

1. Accidental data leakage

Usually, people always associate data disclosure and privacy violations with network intrusion, and lawbreakers take advantage of specific loopholes to steal information. But don't forget that more data leaks are often caused by negligence and accidents.

For example, a study by Shred-it found that 40 per cent of senior managers and small business owners said negligence and accidental losses were the root causes of their most recent security incident.

two。 Overworked IT administrator

Today's threat situation can be exhausting, especially the IT administrator responsible for protecting the company's most important data.

Lawbreakers only need to be right once to break through the defense line of the enterprise, causing serious losses, while the IT administrator must do his best to protect it, and the pressure can be imagined.

3. Employee data theft

In most cases, employees are the company's biggest asset, which can facilitate the exchange of goods and services, thus enabling the business to flourish.

Of course, sometimes, accidental or intentional employees may be the greatest responsibility of the company. It is common for current and former employees to steal company data. In June 2019, a former employee stole personal data from nearly 3 million customers, making it one of the biggest data disasters in the country's history.

4. Dangerous digital communication

Digital communication is a ubiquitous part of our daily life. For companies that strive to protect customer privacy, digital communication loopholes and risks are everywhere. What is most frightening is that a large number of employees use personal devices or personal accounts to transmit sensitive customer information.

5. Phishing fraud

An analysis by Microsoft found that phishing fraud has increased by 250% this year. Moreover, these technologies are becoming more and more complex, making them both difficult to identify and more successful to implement.

These emails can flood the company's inbox. At the same time, clicking on a single employee can destroy a large amount of company data.

6. Data theft ransom extortion

Lawbreakers have many ways to profit from stolen data. Although the "dark net" provides a broad network of sales opportunities, more and more cyber criminals are not selling data online, but are beginning to collect ransoms directly from the "losers".

Blackmail software has gained new life, an increase of 500% over the same period last year, and poses a serious data security risk to businesses, government agencies and other organizations.

7. Employee bribery

In the past few years, employees of a number of well-known companies have leaked corporate data because of taking bribes.

In 2018, Amazon investigated the roles of several employees in bribery programs that destroyed the company's data. Recently, there have been reports that AT&T employees are taking bribes to plant malware on the company's network to gain insight into how AT&T works.

8. Ransom network

In 2019, municipalities across the United States destroyed their IT infrastructure by blackmailing software. But the threat is not limited to government agencies. Small and medium-sized enterprises and other enterprises that do not have the latest network security features are vulnerable to this threat.

9. Everyone has access to all data at any time.

Employee access to company or customer data should be a rigorous arrangement that matches business needs to minimize abuse or abuse opportunities. However, too many companies assign too loose access to data to their employees, greatly increasing the likelihood of security or privacy issues in the future.

10. Privileged users are given too many access rights

Data privacy extends to everyone, including employees, and every company needs to make sure that someone is monitoring the monitor. Failure to implement accountability at all levels of the organization could lead to data privacy incidents next year.

11. Employees need more money.

There are many reasons why employees steal company data, but the most obvious and one of the most obvious motivations is money. A study by Deep Secure found that 45 per cent of employees would consider selling company data to outsiders, and that the information was incredibly affordable.

For these bad employees, the data may be cheap, but for companies, it may mean a high price.

twelve。 SME executives seriously underestimate the priority of network security

What we often see in news reports are data leaks from large companies, but the fact is that small and medium-sized enterprises are the most likely to encounter cyber security problems, while unfortunately, SME executives are often the least likely to give priority to cyber security plans. A study conducted by Keep Security found that 66 per cent of small and medium-sized enterprises did not believe it would cause data leaks.

13. A boring employee

According to Verizon's "data breach investigation report", it is a surprising fact that nearly 24% of data breaches are caused by employee boredom. The report found that "pure fun" is one of the main causes of cyber security or privacy violations.

14. Spear phishing activity

Phishing is annoying, but spear phishing is frightening. This particular method of phishing uses previously stolen data to create exceptionally realistic emails that are difficult to stop and defend.

15. Data leakage is only the "first drop of blood" of Internet fraud.

Often, data breaches or privacy violations are only the first drop of blood in a growing number of cyber crimes. For example, a report by risk-based Security (Risk Based Security) found that email addresses and passwords were the most popular in online data, with 70 per cent of all data breaches occurring in e-mails.

16. Angry founders and executives

Few people have unrestricted access to company data like the founders and senior management of the organization. This is not a problem until they decide to leave the company or are forced to quit because of institutional or market developments, their "unhappiness" will become a big problem.

Privileged users often have vulnerabilities because they are implicitly trusted while oversight exists with little or no oversight, creating unnecessary opportunities for data loss and invasion of privacy.

17. Employees steal data for personal career development

A staggering number of employees are willing to steal company data to gain an edge in the job market. For example, two former Apple employees of Apple's secret car project were charged with data theft after stealing more than 2000 documents related to the project.

18. An incredibly simple password

A Google study found that 1.5 per cent of all login credentials used on the internet are vulnerable to voucher filling issues that traverse previously stolen account information and further damage the company's IT infrastructure.

19. The show-off of lawbreakers

Most of the time, lawbreakers invade just to get the capital they show off in the circle. In July, Capital One, a credit card company, suffered a breach in which data leaked 100m records, which was the cause of all the errors.

20. Give up

Today's dangerous digital environment may be paralyzed. Frustrated by the idea that security incidents or invasion of privacy are inevitable, too many companies will give up rather than seize the opportunity to strengthen their defenses.

2020 will be fraught with risks, and every enterprise should prepare for information protection in advance on how to deal with this uncertainty and how to plan to protect corporate and customer data. The development of the Internet can play a supporting and leading role in national strategies such as network power, digital China, intelligent society and digital economy, and information security needs to be put in the first place.

In order to help enterprises prepare for the growing deterministic risks, Bi'an Technology conforms to the trend and launches a brand-new information security protection product-Bi'an Cloud Shield, for the protection of websites, Internet +, the Internet of things and other scenarios. Bian Yundun provides 24-hour uninterrupted response service, which can provide timely and rapid response plans for different intrusions, and basically achieve "zero interference" for users in the deployment phase. After the deployment of Bi'an Cloud Shield products, the overall protection process will not cause new security risks to users; Bi'an Cloud Shield provides intelligent dual-core services during the protection period, that is, it can be discovered in time through a proprietary knowledge base and expert database, and the corresponding disposal can be carried out according to the user's presupposition.

In the future, the core of network security is technological security. As a pioneer in the field of information security in construction engineering, Bi'an Technology, as the first to apply "Bi'an Cloud Shield" and other information security products in the field of construction engineering information security, will devote itself to research, develop comprehensive and systematic information security products of building networking and Internet, and escort intelligent collaborative platforms, smart construction sites, smart buildings and smart cities.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.