[ad_1]
5G image: — © AFP
It has been ten years since the Target data breach that impacted over 40 million customers — and cost Target $18.5 million in settlements. However, security and business professionals still have lessons to learn when it comes to data protection.
Theresa Lanowitz, former Gartner analyst and Head of Evangelism at AT&T Cybersecurity, explains to Digital Journal how, even in the age of AI and technology advancements, the threat landscape continues to evolve rapidly and requires a vigilant and proactive approach to even the most (seemingly) basic security protocols.
Lanowitz observes that “Data breaches still exist. Adversaries still get tremendous value from seemingly simple things such as name, address, email, contact lists, etc. This data can be used to validate a person against other accounts with valuable information such as financial or medical.”
Of the different attack modes, attempting to impersonate another for financial, political, or power gains is a common fraud. Lanowitz fears that in “the digital age makes fraud with breached data easier to weaponize. It may seem trite, but cybersecurity hygiene goes a long way to thwart attacks.”
This manifests as: “With each new cybersecurity incident, there is an attempt to put more guardrails around how businesses conduct themselves, how data is handled, and how targets of a breach need to be treated.”
One way to strengthen control is through regulations: “Collectively we have seen new regulations implemented regarding timeframes for notifications of breaches.”
There are other measures to adopt, Lanowitz explains: “The addition of cybersecurity controls and tooling is also something that is a necessity in today’s complex world. Utilizing trusted third-parties such as cybersecurity consultants to act as a strategic partner, managed security services to act as an extended member of the team, or global systems integrators who evolve best practices are recommended.”
Drawing on an example, Lanowitz puts forward: “In the 2023 AT&T Cybersecurity Insights Report, 71 percent of global survey respondents say they work with a trusted third-party once a use case is put in production. Being able to drive operational efficiency within the allocated cybersecurity budget is recommended. Operational efficiency can be achieved by engaging with a managed security services provider.”
Drawing from this, Lanowitz raises: “Social engineering tactics remain strong and organizations need to take a proactive approach to preventing attacks such as account takeover, business email compromise, and personal information exfiltration.”
Lanowitz’s final point is that people need to be careful about how much data they provide to companies. They find: “Living in a digital world comes with convenience as well as risks. When turning your data over to a company, both publicly (social media) or privately (financial) you should ask yourself the level of risk you are willing to accept if there is a breach. In many cases turning over digital proof of who you are is a necessity for things such as obtaining a home loan, enrolling in a government-run travel program, or obtaining a credit card.”
[ad_2]
Source link
