What is the ‘right’ amount of money to invest in cybersecurity infrastructure and policies? Many organizations believe there is a growing need to invest more in enterprise network security solutions to combat cyber risks. However, reports reveal more than half of enterprises fail to evaluate cybersecurity investments and performance against well-known standards. In this article at The Hacker News, the author explains why companies fail to stop security breaches despite soaring investments.
Security Challenges Companies Are Facing
Studies have identified that within the first quarter of 2020, the UK government exposed 28 million children’s data to betting companies, while Microsoft admitted a data leak of 250 million customer support records. This included customers’ IP addresses, geographic data, and other sensitive information.
Why are companies still experiencing security breaches? Many companies invest in technologies that claim to solve security-related problems. However, the implementation process takes years. Additionally, it demands highly skilled resources to install security technologies. Other reasons for cybersecurity investment failure include:
- Lack of knowledge
- Inadequate resources
- Expensive solutions
“The most common cause behind data breaches is the leak of some authentication measure—this may be a username, password, token, API-key, or a negligent password-less server, or application,” says the author. Furthermore, many large organizations install data leak prevention technologies but fail to protect against password leaks and account takeovers. This demonstrates that enterprises must periodically assess their security posture and increase awareness among end-users.
How Can Organizations Protect Themselves?
Enterprises must simplify the management and automation of their cybersecurity solution processes. Labor-intensive, complex, and manual solutions will only increase risks to the organization and impede productivity. Furthermore, organizations must regularly test employees on their security awareness through simple assessments at the end of a training program or by sending fake phishing emails designed to see if employees fall prey to them.
Remember, having a solid cybersecurity culture will work wonders in lowering cyber risks. Read the original article by clicking on https://thehackernews.com/2021/03/why-do-companies-fail-to-stop-breaches.html.