What do Rite Aid, Disney, and Squarespace all have in common?
The fact that, in just the past few days, they each reported cyber breaches resulting in the theft of sensitive information.
Rite Aid announced Monday (July 15) that in June, an unknown third party “impersonated a company employee to compromise their business credentials and gain access to certain business systems,” while news also broke Monday that Disney had suffered a hack of its Slack system, with data from thousands of the channels of the company’s workplace collaboration system being leaked online.
Days earlier, between last Tuesday (July 9) and Friday (July 12), at least a dozen Squarespace customers reportedly had their websites hacked.
And that’s not even including Friday’s report that “nearly all” of AT&T’s wireless customers and those of the third-party brands that use its network have had their information stolen.
Needless to say, the threat landscape has cybersecurity teams in survival mode.
That’s why building a fault-tolerant organization that balances prevention with response and recovery has never been more top of mind for businesses.
See also: 2024 Is Already the Year of the Cyberattack
The stakes are high: Data breaches can cost companies millions, damage reputations, and erode customer trust. To mitigate these risks, the emphasis must shift from a purely preventive approach to a strategy that balances prevention with robust response and recovery.
“It is essentially an adversarial game; criminals are out to make money, and the [business] community needs to curtail that activity. What’s different now is that both sides are armed with some really impressive technology,” Michael Shearer, chief solutions officer at Hawk AI, told PYMNTS.
“On the automation side, it’s all about data. It’s all about organizing and connecting your data together, understanding the signals that you have so you can build a richer context and make better decisions. But you’ve got to have that information there, and you’ve got to connect it together. That’s step one.”
A fault-tolerant organization acknowledges that breaches are not just possible but likely. This perspective shift from “if” to “when” is crucial. It recognizes that while prevention is essential, it’s equally important to have response and recovery plans in place to minimize damage.
“The barrier for entry has never been lower for threat actors,” Sunil Mallik, chief information security officer at Discover® Global Network, told PYMNTS this month, noting that the cost of computing power has decreased dramatically over the past decade, making it easier for criminals to access powerful tools and launch sophisticated attacks.
“It’s a combination of defenses at the human layer, controls at the network layer, application layer and business process layer,” Mallik added. “This is complemented by continuous monitoring of the external threat environment.”
Implementing a multilayered security strategy can include things such as ensuring all systems and software are up to date to protect against known vulnerabilities, conducting regular cybersecurity awareness training to prevent phishing and social engineering attacks, implementing strict access controls, and embracing network segmentation.
Read more: Firms Look to Mitigate Consequences From Data Breaches
The news Sunday (July 14) that Google is exploring the company’s largest ever acquisition, and that the target is cybersecurity startup Wiz, underscores the importance of security.
On Tuesday (July 16), the IRS warned tax professionals of a rise in scams designed to steal taxpayer information. The tax agency and its “Security Summit” partners — a group of state tax agencies and private tax industry organizations — said they are seeing a “steady stream” of phishing scams and cloud-based schemes.
But the situation isn’t hopeless for enterprises, and the good guys have lots of new tools like artificial intelligence (AI) and machine learning (ML) to leverage. PYMNTS Intelligence’s latest 29-page report, “Leveraging AI and ML to Thwart Scammers,” a collaboration with Hawk, contains eight charts of proprietary data examining the role of ML and AI to help keep fraudsters from getting the upper hand.