Rising Rates of Security Breaches: A Silver Lining | GBAF

Rising Rates of Security Breaches: A Silver Lining | GBAF

Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Business > What Your Business Can Learn From Security Breaches

What Your Business Can Learn From Security Breaches

Published by Gbaf News

Posted on May 13, 2013

7 min read

Last updated: January 22, 2026

Professional woman analyzing data security breaches in business - Global Banking & Finance Review — Lysa Myers discusses important lessons for businesses from recent security breaches, emphasizing the need for effective protection and understanding vulnerabilities in the finance sector.

lysa-myers By Lysa Myers

You might think that soaring rates of computer security breaches on businesses is simply bad news. How could it not be when we see report after report of major businesses whose networks have been compromised? While there may be an endless number of holes through which attackers can get into a network, there’s another side to this story. There is always some hope to be gleaned from doom and gloom security statistics.

“Mature Market” or “Battle Tested”?

On the one hand, an increase in breaches means attackers are either more numerous or more successful than they have been in the past. It’s likely to be a bit of both as the criminal underground has become a more mature market. For example, feature-rich toolkits fitted with the latest exploits are available to attackers even before vendors can patch their vulnerable software. Black markets are now mature and easily accessible. This means criminals know exactly how much data will sell for and they know how to best spend their time to generate a maximum return on investment.

On the other hand, these tools and data are available to everyone, not just the “bad guys”. And, most importantly, the means to fix or mitigate problems are readily available too. These are just as easily used to determine your company’s own weaknesses to find ways to protect yourself. Let’s not forget, the cost benefits for protecting your business is inherently higher than it would be for an attacker to try to bypass your defences.

The more a platform or operating system has been successfully attacked, the more the attackers have shown their hands. We know what browser plugins or content management systems or software applications they prefer to attack. We know what exploit techniques they look for. We know how they try to thwart defences and hide their tracks. This is all information we can use to spend our time and money more effectively to decrease the value for attackers.

“Abandon Hope” or “Just Run Faster Than the Other Guy”?

There are a lot of people that like to declare that some security technology or other is “dead” – how it cannot possibly protect you, and is therefore useless. However, the fatalists are ignoring the fact that, while those same technologies were never meant to protect you against every possible type of attack, they still have some use. Just because something isn’t a silver bullet doesn’t mean you should toss it out the window, roll over and let the rampaging hordes strip you of all your valuable data.

By making incremental improvements to the protection of your data and the systems in your network, you can make yourself a less tempting target to cybercriminals. That’s very important – there are plenty of businesses that are ignorant of how to properly protect their systems and data. And by being better protected than average, you will immediately cut off the least motivated attackers. By being well protected, you can either block or mitigate the damage of all but the most skilled and determined attackers.

You don’t have to break the bank or have the greatest defensive minds in the industry to protect yourself, because the best defence is comprised of lots of different elements, so you can add a piece at a time. One of the best pieces of the defensive puzzle is information gathering, which may be time-consuming but also fairly simple.

How Can We Do That?

There are three steps you need to perform to be well protected. You can start small with each of these steps and then build on them as you have the need, time or resources.

1. Identification
Identification of the data and resources on your network can be a bit of a rabbit hole – you could spend an infinite amount of time watching the never-ending changes that happen moment to moment. But you can still get a lot of value out of simply increasing the visibility within your network, and there are a lot of products that can help you automate this process.

The first step is finding all the machines that are supposed to be connecting to your network. From there, you need to figure out what data lives where – both customer data and proprietary data. Having a product like Identity Scrubber can help you find a wealth of data such as passwords, credit card details, national insurance numbers, etc. Don’t forget to check your publicly available information – is there information on your website that would give an attacker clues that could be used to talk your employees out of sensitive information?

Once you know the systems and data you have, you can then better monitor changes to those systems. For example, these changes will let you know when someone or something is in your network that should not be.

2. Restriction
Now you know what you’re trying to protect, you can go about restricting access to those people that shouldn’t be accessing it.

The most obvious things to consider are things like anti-malware products and hardware / software firewalls. Larger businesses may have these in place already, but many smaller businesses may not feel they have the expertise to manage these. Modern security products have come a long way, and are now geared more towards simplicity. Also, many vendors now offer managed services, which means the difficult management is done for you.

Passwords are equally obvious, but often ignored – having an enforced policy for strong, unique and frequently refreshed passwords can go a long way towards deterring attackers.

The least commonly understood way to restrict access by attackers is what’s called the Principal of Least Privilege. Users should not have access to any data or resources that they don’t need. This could mean former employees, or people that only need data for a short period of time, or it could mean restricting people in one department from being able to access data from another department. Does someone in Development really need to be able to access information from Finance? Or does Finance really need to access Development servers? If someone does talk that person in Human Resources out of his or her login password, restricting access may be what keeps an attacker out of more sensitive information.

3. Remediation
In the event someone does make it into your network, it still doesn’t mean they will necessarily get the valuable data they seek. There are ways to make your data so difficult to access that their hard work will be for nothing.

The first step is to take the data you’ve identified and encrypt it. You will want to go a step further with usernames and passwords, by salting and hashing them so that they can’t easily be retrieved. Security software can be helpful here too; known malicious behaviour or files should be identified before they can infiltrate systems.

Just because the news on information security appears bleak does not mean everything is doom and gloom. There are simple things you can do to drastically decrease the possibility of catastrophe and to get your organisation that much further ahead of the pack.

Now is the time to make those changes, so you won’t have to be another statistic.

Lysa Myers is a virus hunter for Intego, a Mac security software company that has developed award-winning antivirus and network protection solutions for the Mac platform since 1997.