Four Reasons Large Organisations Are Susceptible to Cyber Attacks

A great deal of focus in the cybersecurity industry is placed on the dangers threat actors pose to small and medium-sized businesses. For good reason, too. These organisations often lack the budget and staffing required to provide 24×7 monitoring, detection, and response, leaving them exposed to attack.

These same factors can leave them unable to mount a robust incident response plan post-breach. They struggle with compliance requirements, which can make it difficult to obtain cyber insurance policies or avoid fines and fees should they be breached.

In short, SMBs are at great risk of being dealt a damaging blow by a cyber attack, one that could be tough (or impossible) to recover from. But that doesn’t mean large organisations in the enterprise have it any easier. There are specific aspects to the way large organisations are structured and run that make them a very tempting target for threat actors.

Why Large Organisations Are Getting Hacked

1. Expanding Attack Surfaces

Large organisations have hundreds or thousands of employees. This means hundreds or thousands of endpoints to be secured, an extensive roster of IoT devices, multiple physical locations to protect, plus expansive network and cloud environments affording incalculable access points to cybercriminals.  

The shift to hybrid work models, which accelerated due to the pandemic, further increased the size of attack surfaces. According to Global Workplace Analytics, up to 75 million Americans worked from home during the outbreak.

Now, three years on, many of those employees have transitioned to a permanent remote or hybrid status, meaning organisations must now secure devices in employees’ homes and provide remote access to the data and tools needed for these employees to do their jobs. For large organisations, this makes even simple tasks like deploying patches and software updates much more difficult.

2. Alert Fatigue

While it is true that some large organisations have the resources to build and operate an in-house security operations center, the security experts needed to run it are in short supply.

Considering that training an analyst properly is a process that often takes the better part of a year, and that the average analyst changes jobs every two years, those hard-won security experts may not stay long. Those that do will be tasked with securing the people, data, and environments of the entire organisation.

For these large companies, that can mean tuning and monitoring dozens of disparate tools generating an average of 11,000 alerts each day.  

When analysts receive an overwhelming number of alerts from cybersecurity tools and are tasked with spending time reviewing and responding to each one, it can create an environment where it is impossible to distinguish important alerts from the unimportant ones. This operating environment of all noise and no signal is known as “cybersecurity alert fatigue,” and it has real costs for the large organisations impacted by it. 

In fact, many attacks succeed not because a tool failed to raise an alert, but because the alert was missed or ignored by an analyst. Large organisations cannot afford to ignore a single alert. Yet, when a security team is impacted by alert fatigue, research shows that more than a quarter of alerts get ignored — every week. 

3. Potential Profit or Scope of Damage

The budgets of large organisations may be measured in tens or hundreds of millions of dollars — if not more.

Many of these companies are publicly traded, with shares held by private citizens. Their earnings, product launches, and layoffs are often headline news on a national and international scale. Whether they store and move massive amounts of money or data, use proprietary tools and technology they can’t afford to lose, or operate essential services or utilities, the fallout large companies face post-breach is massive.

Moreover, when these organisations are targeted, it is rarely by novice cybercriminals. These are not hacks coming from the cliché kid in a hoodie operating out of a basement. These are sophisticated attacks conducted by experienced cybercriminals, ransomware gangs, and nation-state actors. Their attacks are well-researched, carefully planned and expertly executed — meaning they have a greater chance of being successful.  

4. Extensive Vendor Partnerships

Large organisations often rely on an extensive network of vendors and third-party partnerships. While these relationships allow large organisations to scale rapidly and expand their reach nationwide or even globally, they also expose large organisations to greater risk of breach.

While these organisations may have the budget and staffing to protect their data properly and proactively, there is no guarantee their network of third-party vendors and partners can do the same. And, as these partnerships and relationships often come with access to each other’s networks and environments, a breach at a third-party partner can often be the key that unlocks access to the large organisation as well.

Lock Up Large Orgs with Security Operations Solutions 

The most effective way for large organisations to protect their data, reduce their risk of breach, and limit the financial and reputational damage from an attack is to partner with a security operations solutions provider. These organisations have the experience, expertise and ability to monitor the endpoints, network, and cloud environments of even the largest of organisations, while their team of security experts can help discover, assess, and harden environments against digital risk. 

Learn more about securing enterprises with our guide. 

Better understand how a breach could impact your bottom line with our Cost of a Breach Calculator. 

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.