The Cisco report further identifies key factors that are contributing to the risk exposure. The factors include:
Aging infrastructure: Between 2014 and 2015, the number of organizations that said their security infrastructure was up-to-date dropped by 10 percent. The survey discovered that 92 percent of Internet devices are running known vulnerabilities. Thirty-one percent of all devices analyzed are no longer supported or maintained by the vendor.
Shifting server activity: Online criminals have shifted to compromised servers, such as those for WordPress, to support their attacks, leveraging social media platforms for nefarious purposes. For example, the number of WordPress domains used by criminals grew 221 percent between February and October 2015.
Browser-based data leakage: While often viewed by security teams as a low-level threat, malicious browser extensions have been a potential source of major data leaks, affecting more than 85 percent of organizations. Adware, malvertising, and even common websites or obituary columns have led to breaches for those who do not regularly update their software.
While many organizations focus their attention on the security of customer data, IT security firm Sophos explains in its report, The State of Encryption Today, that employee, company and cloud data are not protected to the same degree. After surveying 1700 IT decision makers in the U.S., Canada, India, Australia, Japan and Malaysia, Sophos made some eye-opening discoveries.
Thirty-one percent of the companies surveyed that store employee data admit that employee bank details are not always encrypted. Forty-three percent of the companies holding sensitive employee HR files don’t always encrypt them, and nearly half of those that store employee healthcare information (47 percent) fail to consistently encrypt these records.
“Data breaches happen to large and small companies every day, and the last line of defense against that breach turning into a corporate crisis is a comprehensive data encryption policy,” commented Dan Schiappa, senior vice president and general manager of Enduser Security at Sophos. “While it is the customer data breaches that hit the headlines, companies have the same obligation to protect sensitive employee data, and they should not overlook it.”
Company data remains at risk as well. Nearly one-third (30 percent) of all organizations surveyed fail to always encrypt their own corporate financial information, and nearly half (41 percent) inconsistently encrypt files containing valuable intellectual property.
Cloud data security is also an issue. More than eight in ten companies (84 percent) expressed concern about the safety of data stored in the cloud. Nonetheless, while 80 percent are using the cloud for storage, only 39 percent encrypt all files stored in the cloud.
Companies can do more to ensure information security, but so can employees. Even something as simple as passwords still needs some work. SplashData announced the 2015 edition of its annual Worst Passwords List, which highlights the insecure password habits of Internet users, and “123456” and “password” once again are the most commonly used passwords. These passwords have held the top positions since SplashData’s first list in 2011. Although some new and longer passwords made their debut, the longer passwords are so simple that their extra length is virtually worthless as a security measure.
Given the findings from Cisco, Sophos and SplashData, it is clear that information security is an ongoing challenge for which all stakeholders from companies to employees can make improvements. Hopefully, the remainder of 2016 will bring more focused efforts to do so.