Preventing data breaches should be a top focus for any enterprise, regardless of size. Cybersecurity threats are ranked by Allianz as the number one Business risk for 2023, ahead of issues such as economic uncertainty and business interruption, so must be prioritized accordingly.

However, while the majority of businesses are aware of the problem, a large number still have a limited understanding of the range of threats they face and how to mitigate their exposure. According to research by (ISC)2, the global cybersecurity workforce needs to grow by 65 percent to meet demand, while it has been reported that four out of five firms (80 percent) have experienced at least one breach that was directly attributable to a lack of skills or awareness, with 20 percent suffering five or more preventable incidents.

Step one in developing a strong data security strategy is to ensure you have a full idea of exactly what risks you face and how your business is likely to come under attack. This means being aware of the latest techniques used by hackers and what steps you’ll need to take to counter them in order to prevent data breaches.

It can be hard to keep up with these, as cybercriminals are constantly evolving their tactics in response to tougher defenses. Smaller organizations in particular may find this difficult if they don’t have the resources to support full-time cybersecurity professionals. However, with knowledge of a few key focus areas, and the help of managed virtual chief information security officer (vCISO) solutions, firms can greatly improve their data protection and reduce their risk of falling victim to an attack.

Broadly, a data breach refers to any incident in which company-owned information ends up in the hands of someone without the authorization to view it. The most traditional form involves an external attack where a hacker is able to access and exfiltrate data from a business, but this is not the only risk firms face. 

Accidental data exposures can also be costly. This may occur if a device is lost, if data is shared with the wrong people, or if it is inadvertently left publicly accessible due to system configuration errors. Then there is the threat posed by people within the organization – known as malicious insiders – who may hold a grudge against the company and be able to use their privileged access to steal sensitive information.

While every business is at risk of a cyberattack, there are certain sectors that attract particular interest from hackers. BlackFog’s 2022 State of Ransomware Report found the following industries are most likely to fall victim to an attack:

• Education (17 percent of attacks, up by 49 percent year-on-year)
• Government (16 percent, up 17 percent)
• Healthcare (15 percent, up 49 percent)
• Technology (11 percent, up 14 percent)

Typically, what these have in common is a high volume of sensitive data, a major dependence on digital information, and limited financial resources. Taken together, this often means that victims determine it will be better to pay up in order to end a ransomware incident. 

While law enforcement organizations strongly recommend not paying, refusing a demand will usually increase the time to recovery, and for small businesses dealing with sensitive data, this could put the future viability of the firm at risk.

According to IBM, the average data breach costs a firm around $4.45 million – but in some cases, the expenses can far exceed this. For example, the recent incident at MGM Resorts, which disrupted customer-facing operations for ten days, is estimated to have cost as much as $80 million.

Direct financial costs, such as ransomware payments, regulatory fines and investigation and remediation expenses, are only the tip of the iceberg, however. Costs from lost business, downtime and reputational damage can be much harder to quantify, but can last for years and easily dwarf the types of issues that cybersecurity insurance may offer some protection against.

While it may be large enterprises that generate the most headlines when breached, many attacks are targeted at smaller firms. Attackers can often take advantage of weaker protections and less extensive expertise in order to access these systems. 

Once hackers have stolen data, a less-sizable enterprise may also be more inclined to make a ransom payment as they will often not have the capabilities to sustain a long period of downtime, or an incident response team with the skills and experience to rebuild from scratch.

It can be hard for small enterprises to manage all the tools they need to address these issues. But by developing a clear set of data breach prevention best practices, sharing the right knowledge with employees, and using advanced, automated tools that can be deployed without the need for extensive resources, firms can ensure they stand the best chance of success.

An important area to focus on is ensuring you’re protecting the right data. Given the large volumes of information even the smallest firms possess today, it’s often not practical to apply the toughest measures such as encryption to it all equally. Therefore, firms will have to make decisions on what data to prioritize.

Traditionally, one of the main goals of a cyberattack has been to access personal information, especially details such as financial records, Social Security Numbers and other personally identifiable information that would be of use in fraud and identity theft. 

Having this data compromised can be hugely costly for firms, as it will not only draw the attention of data protection regulators, but often result in a complete loss of trust with customers, who will take their business elsewhere if they do not feel their private information is safe.

Increasingly, however, trade secrets, research and development data and other operational information are viewed as more valuable than personal data. In many cases, the purpose of exfiltrating this is not for hackers to sell it on directly, but to extort payments from their victims in exchange for not releasing the data to the public and competitors. 

This tactic has been used in attacks targeting some of the world’s biggest brands, such as Apple, which have resulted in the release of R&D data and other private information.

According to Verizon’s 2023 Data Breach Investigation Report, almost three-quarters of incidents (74 percent) involve human error, whether this is misuse of data or falling victim to a social engineering attack. Therefore, it’s clear that one of the best things any business can do to reduce its risk is to ensure all employees take responsibility for their actions, and have the necessary knowledge and training to do this.

Basic training – such as enforcing the use of unique, strong passwords for each application used by employees and teaching individuals to recognize telltale signs of phishing attacks – is essential. Other areas to emphasize include avoiding the use of untrusted remote networks and consumer-grade applications.

Training is only useful if the lessons sink in. Therefore, it’s important to test employees regularly to ensure they’re following instructions on areas such as email and password security.

The key to defending against data breaches is to take a defense in depth approach that protects your business at every level, including tools to protect entry points from infiltration, controls to stop unauthorized access to critical applications and databases, and monitoring technology that can keep an eye on endpoints to prevent data exfiltration attempts. 

Focusing primarily on the perimeter can allow hackers free rein inside your systems if they are able to bypass first lines of protection, so it is important to have tools that look inward and can stop sensitive data leaving the network.

Taking a layered approach is also vital in meeting data protection regulation requirements. Rules such as GDPR have clear standards that any firm handling personal data must meet, including the use of certain technologies such as encryption and the appointment of a designated data protection officer with responsibility for overseeing these activities.

To assist with this, here are a few of the key technologies that should be on every firm’s shopping list in order to prevent data breach issues.

Protecting your employees’ inboxes is a critical first line of defense against threats. It’s estimated that 94 percent of malware enters a network via this channel, while phishing attacks trying to get users to hand over data or credentials are also a common method of gaining access.

As such, good email security is vital, and in today’s environment, this needs to include a range of features. As well as traditional antispam and malware filtering, the software should be able to check for spoofed addresses or links, identify advanced phishing techniques like business email compromise, and encrypt data. Advanced artificial intelligence (AI) tools are also highly useful in detecting patterns and trends.

In order to maintain awareness of what’s going on within your network, a Security Information and Event Management (SIEM) solution is another essential tool. This provides a holistic view of activity across the network from a single, centralized dashboard by collating events and logging all suspicious incidents.

These solutions are particularly useful for reducing the time to detection for threats that have slipped unnoticed past perimeter defenses. According to IBM, it takes the average firm 277 days to find and contain a breach, while only one in three organizations detect an incident themselves, so improving visibility with the right tools can play a key role in mitigating harm.

As well as solutions to study the network as a whole, it’s also important to have dedicated tools focusing on your endpoint security. This is how threat actors will gain access to the network, and how they’ll exfiltrate data from it, so they should be a top priority for any cybersecurity strategy.

Endpoint detection and response (EDR) tools monitor every activity across all your touchpoints, which may include mobile devices and Internet of Things equipment as well as traditional desktop and laptop PCs. They should be able to quickly detect threats, prevent the spread of malware and provide real-time insight into your network.

One area that’s easy to overlook is ensuring all your systems and applications are up-to-date. This is essential in avoiding issues such as zero-day vulnerabilities, but it can be challenging to keep up with a clear schedule of patching and updates, especially if firms have expensive networks or limited IT resources. 

However, not doing this can be very expensive. In fact, one study estimates that a security breach caused by unpatched vulnerabilities can cost 54 percent more than one caused by a phishing attack. Having dedicated patch management software can make this process much easier, automating key activities and ensuring vulnerabilities are addressed as soon as they are identified.

The final piece of the puzzle is a data loss prevention (DLP) solution to prevent sensitive information leaving the network. However, while firms can opt for a traditional enterprise DLP tool, developed in the 1990s, these legacy options often struggle to accommodate the needs of a modern remote workforce while failing to spot the latest attacks, which are often designed specifically to evade detection by the type of legacy, signature-matching technologies these tools use. 

Instead, advanced anti data exfiltration (ADX) tools will offer a higher level of protection. As well as taking a more advanced behavioral approach to monitoring that is able to detect data exfiltration an older DLP solution may miss, they are also lightweight enough to sit directly on every endpoint. This provides real-time insight into activity and automatically blocks any suspicious activity before hackers can exfiltrate data.