Another day, another data breach — here’s the number one thing you can do to actually protect yourself

Stu Sjouwerman · 12 Dec 2019

Last year, experts reported that data breaches cost businesses an estimated $27 billion in 2017. The staggering amount doesn’t surprise cybersecurity analysts. However, the increasing frequency of the attacks has popularized a new, dangerous cybersecurity apathy among organizations, also known as “data breach fatigue”.

Organizations that have had their data stolen are neglecting to improve their security measures, believing there’s nothing they can do to prevent future attacks — that developing countermeasures isn’t worth the time or effort. “I actually call that the fallacy of futility,” said one cybersecurity expert, in an interview with CyberWire’s Hacking Humans podcast.

The increasingly digital nature of our world has created a perception that nothing is private anymore. At the same time, privacy isn’t a binary concern. In other words, the truth is that we are not simply “exposed” or “not exposed” — rather, there’s a whole spectrum of data security, and every person and organization falls into a unique place on it.

A data breach is a serious setback, but it doesn’t need to be the death knell of an organization. In many cases, breached data isn’t accessible to petty criminals who could use it to commit identity theft and other crimes. The U.S. Government Office of Personnel Management (OPM) breach, which was believed to have been the work of Chinese intelligence services, is a good example of this.

Organizations can reduce the impact of future data breaches by investing in training for employees, deploying security automation technologies, and increasing the speed with which they react to a breach. However, this proactive approach is only possible if organizations shake off this breach fatigue.

We’ve gotten so numb to these massive breaches that it feels like they’re almost inevitable — and that feeling comes with a tendency to just assume that there’s nothing we can really do about it.

But that kind of passive approach to cybersecurity is rooted in the number of breaches we hear about on a weekly basis, a perception made worse by the comparatively small number of cybercrime prosecutions that reach the news.

Breach stories like the colossal Marriott hotel hack, which compromised the credit card details and passport numbers of up to 500 million guests, can numb our senses and make us feel like it’s only a matter of time until we get hacked. After all, if Marriott and Equifax and Yahoo can be compromised, who is safe?

But with a data breach costing organizations an average of $1.41 million, there is simply no way you can sit back, quietly succumb to the “fallacy of futility” and leave your cybersecurity up to chance.

It is very much worth arming your organization with an effective, dynamic, and ongoing cybersecurity strategy. To the best of your abilities, you can protect your data, protect your customers, and protect yourself.
