As cyberthreats become increasingly sophisticated, regulated industries need to look at whether they're doing enough to elevate their cybersecurity standards.
"When your system is down, it creates the best opportunity for hackers to compromise your data," said Javad Abed, assistant professor of information systems at Johns Hopkins Carey Business School. "That's why multiple layers of security are crucial. Redundancy is key. You need to assume 100% that threats will happen and build your security around zero trust."
According to Abed, more needs to be done. "Business owners still see security as a cost. That's what causes many problems," he said. "Spending money in security is an investment and shouldn't be considered a cost." Finance, health care and other regulated industries should consider their specific needs and tailor their defenses with military-grade components, he added.
However, vulnerability exploitation isn't the only method cyber criminals use to infiltrate an organization. According to the Verizon report, human error accounts for 68% of incidents, including employees falling victim to phishing attacks and mishandling data internally. Credential attacks accounted for 33% of breaches over the last decade, and supply chain attacks, involving third-party vendors or partners, increased from 9% to 15% since 2023.
"Ultimately it comes down to the people," Orenstein said. "Most breaches are drawn back to an employee who doesn't have the right habits. I don't think it's an option anymore for people to skirt this, because the consequences are too drastic."