How can we avoid being in the news for bad reasons, specifically data breaches? The problem is, threat actors are using increasingly sophisticated tools, leveraging powerful new technology as well as more and more effective social engineering. And despite a big push for cyber to be taken seriously by Boards and regulators, old-school attacks are still working in a lot of cases as well.
As hacking capabilities have increased, the sophistication of bad guys themselves has decreased. It used to take a lot of resources and skill to breach big companies – now many of the dissections of large organisation breaches are showing that the exploit used was fairly trivial. This means more and more unskilled, idle-handed opportunistic criminals are entering the fray, because the payoff they can get is likely to exceed the effort required.
We need to take the usual steps to stop them getting into our network and our supply chain, increasing the effort required. But we must also go a step further and reduce the potential reward. If they must work harder to get in, only to find the most high-risk data has already been locked down, hardened, or disposed of, they will be discouraged from another attempt.
This article by Rachael Greaves originally appeared in IT Pro.