IBM: $3.62M reasons not to overlook these four security flaws


With so many data breaches in the news, do you know what it takes to keep your company out of the next major headlines? According to the Ponemon Institute, the average cost of a data breach is a whopping $3.62 million. It’s a hefty price tag for situations that typically boil down to faulty security.

IBM security experts suggest improving four areas where they see companies fail again and again.

Lack of awareness

One of the biggest problems is also one of the toughest to understand and solve.

No doubt you have rules and laws to follow, whether it’s Payment Card Industry compliance or state cybersecurity standards. But even if you’re following these regulations and meeting all the requirements, you may not be fully protected.

Many companies fail to protect their data because their awareness stops at compliance, meaning they do only the bare minimum. But regulations are written for the general case, and they are not always practical or sufficient when applied to a specific environment in real time.

One way to make sure every angle is covered is to add more focused controls to your monitoring. The bare minimum is watching activity on your servers and blocking unauthorized access to critical areas. Going above and beyond means also looking at what people are doing with the access they legitimately hold and judging whether those actions are warranted.

Poor Priorities

Resist the urge to deploy every control imaginable, however. In trying to make sure nothing gets through its defenses, a company’s IT team sometimes ends up monitoring every little thing.

What should be done instead: Start small and broaden the scope.

Think of it this way: Not all of your data is created equal, so why are you monitoring it equally? Identify and watch your most sensitive data first, and tighten the controls surrounding its access points.

Another area to look at is user groups whose credentials, if stolen or used inappropriately, would do the most damage.

Implementation failure

When databases and protections are left on their default settings, disaster is just around the corner.

These situations usually unfold as new systems and databases are being rolled out. A test or pilot version is usually built before the final version of a project is published, and these test builds often ship with default passwords and security settings. In the flurry of activity leading up to a project’s finish line, those old security settings can be forgotten.

That’s a huge problem, since attackers know the defaults and look for the known vulnerabilities that come with them. This happens often enough that companies should have a plan in place to triple-check every test site and server before promoting it to its final live version.

Lack of ownership

This final flaw could be your biggest headache yet.

It’s a lack of executive sponsorship, and that leadership vacuum can cost you dearly. When IT doesn’t have upper management in its corner, that usually indicates a larger cultural problem in which IT is viewed as overhead rather than as a critical part of the company.

And that’s unacceptable in today’s business landscape.

Adapted from IBM’s online presentation “Epic Fails in Data Security and How to Avoid Them”