How to Avoid the Fate of Sony, Target or Home Depot in 2015
NEWS ANALYSIS: One of the most effective methods of preventing massive data breaches is remarkably easy and very inexpensive.These days my email is full of press releases from IT vendors that claimed their products are the magic bullet that will prevent the next Sony data breach. But the reality is, there is no magic bullet. But that doesn't mean you can't keep your company from being a victim of cyber-criminals—because you can. But there is no magic bullet. And it's important to realize that some breaches may be all but impossible to stop, but those should be a small minority. First, it's important to know that while you can't totally solve the data breach problem with technology, you should still keep using the available technology—including firewalls, email screening appliances, anti-malware and similar products—to keep things under control. They do help. By using the best of the available products, you can at least keep most of the bad stuff out of your network so you can focus on the rest. Second, it's important that you not buy into the dismissal of employee errors by calling them "stupid user tricks" and then throw up your hands in dismay. While nearly all major breaches were the result of an error made by a trusted employee or contractor, it's wrong to suggest that they're somehow stupid and therefore unpreventable.
"They're just highly trained people in another field," said KnowBe4 CEO Stu Sjouwerman. But it's wrong to simply pass off these security problems as being the unavoidable problem of stupid users. "The stupid user might be a highly trained CFO," Sjouwerman said.