How Your Organization Can Avoid Getting Hacked

How Your Organization Can Avoid Getting Hacked

It seems we can’t go a single day without a new data breach making headlines.

  • By
  • Oct 02, 2017

It seems we can’t go a single day without a new data breach making headlines. A mid-year study found that between January 1 and June 30 of 2017, there were over 6 billion sensitive records exposed through 2,227 publicly noted data breaches.

In a year plagued by security woes, HBO and its executives are some of the most recent victims. Unidentified hackers broke into HBO’s systems and stole 1.5 terabytes of data including scripts, unreleased episodes and other potentially damaging information about internal ops. Some experts have postulated that the hack occurred due to out of date technology, non-existent cybersecurity protections, or unknowing employees who may not have secured their at home devices. Mandiant, the firm that investigated the Sony hack in 2014, has been brought in alongside the FBI in an effort to catch the hackers and prevent them from releasing any further proprietary HBO material.

These incidents have become so constant that they barely come as a surprise to consumers – what’s left instead is a common thread of frustration among the IT and cybersecurity communities. While the specifics of how HBO was hacked are still rumored at this time, there are some security best practices organizations should keep in mind to mitigate and prevent similar issues in the future.

Know your data

Only by understanding the data you hold can you effectively protect it. The information companies collect can significantly impact their odds of becoming a target of hacking and malicious intent. Larger companies with billions of customer data points (like Equifax) or smaller companies with weak defenses are most likely to become the victim of an attack.

 

HBO, as everyone knows, holds the most sensitive data of all – coveted Game of Thrones episodes, scripts and spoilers – which made the company a prime target. Understanding the data troves within your organization can help IT teams build stronger data protection strategies, which will help shield your company from a cyberattack.

Enhance the vendor vetting process

Since many organizations share highly sensitive information with their partners and vendors, implementing a rigorous third-party vendor risk assessment is a must. Creating a clear vendor vetting process and increasing visibility into suppliers’ cybersecurity controls will help eliminate any potential weak links in organizations’ own security protocol.

For validation of the importance of evaluating vendors on their cyber-standards, look to tech behemoths like AirBnB, Dropbox and Twitter. The four companies recently partnered to establish an industry vendor vetting standard which looks to measure suppliers’ security stability and risk. Organizations can follow in these companies’ footsteps by paying special attention to their own vendors’ security practices and processes. In many instances, understanding the technical controls and security programs of third-party vendors can be just as important as having a strong grasp of your own.

Institute continuous training and education

Many organizations make the mistake of focusing their data protection strategies on keeping the outsider out, but plenty of breaches actually stem from an insider – whether there’s malicious intent or not. This is why it’s so important to be aware of your employees’ workstyles and how your organization’s culture has impacted them.

A few questions to ask: Do your employees take it upon themselves to procure new tools or applications that make them more efficient? Do they understand why certain security controls are in place or the ramifications of sidestepping the rules? Do they care about the overall security of customer or internal data? These questions should all be core to your IT department’s culture, meaning they should bleed over into the larger organization’s culture as well.

While your IT and compliance teams may be up to date on industry-wide security standards and best practices, it’s also important to ensure employees know how to safely handle sensitive data. But don’t assume it comes naturally to anyone. Employees must be trained on everything – from what they can store on a personal computer and where they should be saving documents down to what a phishing email looks like. Education and training cannot be a once a year, top-down practice. Instead, organizations must weave best practices into the culture of the entire company.

In order to avoid the same fate as HBO, organizations must be knowledgeable about the data they hold, be vigilant in their vendor vetting processes and view security as an organization-wide initiative. By making security a core aspect of company culture, organizations will have educated employees that genuinely want to protect data, validate their vendors and keep their company from becoming the next data breach headline.

Featured

  • Creating More Versatility

    Today, AI has become top of mind for most security professionals. It is the topic of conversation in the technology world and continues to transform the way data is used to make important business decisions. Read Now

  • Report: 78 Percent of CISOs Seeing Significant Impact from AI-Powered Cyber Threats

    Darktrace recently unveiled its 2025 State of AI Cybersecurity report. The findings reveal that 78% of Chief Information Security Officers (CISOs) surveyed say that AI-powered threats are having a significant impact on their organizations, a 5% increase1 from 2024. While an increasing number of CISOs report feeling a significant impact from AI threats, more than 60% now say that they are adequately prepared to defend against these threats, an increase of nearly 15% year-over-year. However, insufficient AI knowledge and skills and a shortage of personnel and talent continue to be listed as the two top inhibitors to a successful defense. Read Now

  • Teaching AI New Tricks

    You have probably heard that AI-enabled security cameras are evolving the role of traditional surveillance cameras, shifting the focus from passive monitoring to active problem-solving and operational insights. AI technology changes fast, so what is new can be considered only news in just a few months. Read Now

  • From the Most Visible to the Less Apparent

    The Cybersecurity and Infrastructure Security Agency (CISA) states “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, and national public health or safety or any combination thereof.” Read Now

Most   Popular

New Products

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.