As far as months go, February was a big one for data security. The Next Web pointed out in a story that there have been attack on major news organizations like The New York Times and The Wall Street Journal, as well as big-time companies like Apple and Facebook. Emil Protalinski wrote on the website that it follows that no matter how tech savvy an individual is, they will likely be affected by an online security issue at some point in their Internet-browsing life.
"Don't get me wrong: there will always be criminals hitting large groups of ignorant users to make a quick buck," he wrote on the website. "Pushing malware to huge numbers of people and building botnets to send spam, stealing credit card information, identity theft, and so on is a very profitable business. At the same time, there will also continue to be specialized attacks against targeted organizations to steal intellectual property, industry secrets, and whatever else can be resold on the black market."
This is done by hacking computers, networks, devices or even just sending a lot of emails with malicious attachments to see which employees will open it. For those who think this is surely some jest from Protalinski on the Next Web site, he said anyone can be a victim due to the size and technical savvy of companies that have been breached like Facebook and Apple. With the watering hole attack as a play, which identifies a group and plants exploits on their page, many companies are left wide open for security breaches.
For businesses, seeing the watering hole attack become more popular may be a hard pill to swallow. Protalinski said this essentially means that employees can be performing day-to-day tasks and still fall into a trap.
"The good news is that once the malware threat is dropped on the computer in question, it can be always be detected and removed via the usual methods," he said on the website. "Of course there are always techniques to track down and figure out what has happened, but the initial entry in cases like this comes down to whether or not the user was browsing sites he or she already has before."
At this point, it will come down to education and teamwork between professionals, security officials and others to ensure that the effects of these attacks can be minimized, Protalinski said. He said both Facebook and Apple reported their attacks so that others would not fall into the same traps, so other organizations need to follow this lead and publicly disclose everything they can about their troubles to make sure other companies won't fall victim.
Prepare for danger
There isn't much of a question as to if companies will experience data security breaches, but how they deal with these breaches will be what says the most about they handle security as a company. According to InformationWeek, Craig Spiezle, executive director and president of the Online Trust Alliance, said small businesses especially need to start facing the chance of getting breached. Every company now has to figure out what plan they will have in place for a breach, including what their regulatory requirements are, who needs to be notified, when they need to be notified, and perhaps most importantly, what the business will say.
"One way to cut down your response time and outreach efforts: Prepare your customer and other external communications in advance," the website said. "It's tough to accurately message a breach if you don't know what data you had in the first place. If you've got a complete understanding of your information and how you handle it, you can develop solid communications templates in advance."
Data Security News from SimplySecurity.com by Trend Micro.