Data is everywhere and so are the data breaches. With increasing number data breaches every day. The organization takes lots of measures to secure their data and network. Still data breach is increasing day by day.
Recently in the last week of July, Los Angeles (LA) police department informed its officers, and applicants who wanted to join the police force, data breach was exposed. The compromised data included names, dates of birth, the last four digits of their social security numbers, and the email addresses and passwords. This brings us to the question why government systems are highly vulnerable to cyber-attacks.
Yet another data breach in the last day of July, this time it was Capital One reported it had a data breach that exposed the personal data of approximately 100 million people, including nearly about 80,000 bank account numbers and 140,000 Social Security numbers. Until recently in the same month of July, Equifax reported similar data breach the compromised data included Social Security numbers, birth dates, addresses, driver license numbers, credit card numbers and in some cases, data from passports.
So, questions arise why does these data breach occur? Is it because of lack of deployment of security solutions, or lack of awareness? While most companies use perimeter security such as firewalls, DDOS, intrusion detection, and other measures, yet vulnerabilities exist.
Perhaps some common measures, that might be thought, before the next cyber attack occurs:
- have a rack of Common Vulnerabilities and Exposures (CVE) from a known source
- detail out list of software’s dependencies, libraries, and components, by version
- Incorporate release dependency as part of the build process.
- Set aside a small portion of budget releases for ensuring applications and their dependencies current.
It is pertinent to note, that our data needs to be well protected, safe and does not fall into wrong hands. Building a robust IT security plan and maintaining a good security posture is critical to any organization be it a state agency or a private organization. Perhaps it might be worthwhile to consider a managed security service provider (MSSP) to step-in to managed IT security or creation of a Security Operation Centre (SoC) might be a good bet.