Four Reasons Large Organizations Are Susceptible to Cyber Attacks


A great deal of focus in the cybersecurity industry is placed on the dangers threat actors pose to small and medium-sized businesses. For good reason, too. These organizations often lack the budget and staffing required to provide 24×7 monitoring, detection, and response, leaving them exposed to attack.

These same factors can leave them incapable of mounting a robust incident response post-breach. They struggle with compliance requirements, which can make it difficult to obtain cyber insurance policies or avoid fines and fees should they be breached.

In short, SMBs are at great risk of being dealt a damaging blow by a cyber attack, one that could be tough, or impossible, to recover from. But that doesn’t mean large organizations in the enterprise have it any easier. There are specific aspects to the way large organizations are structured and run that make them a very tempting target for threat actors.

Why Large Organizations Are Getting Hacked

1. Expanding Attack Surfaces

Large organizations have hundreds or thousands of employees. This means hundreds or thousands of endpoints to be secured, an extensive roster of IoT devices, multiple physical locations to protect, plus expansive network and cloud environments affording incalculable access points to cybercriminals.  

The shift to hybrid work models, which accelerated due to the pandemic, further increased the size of attack surfaces. According to Global Workplace Analytics, up to 75 million Americans worked from home during the outbreak.

Now, three years on, many of those employees have transitioned to a permanent remote or hybrid status, meaning organizations must secure devices in employees’ homes and provide remote access to the data and tools needed for these employees to do their jobs. For large organizations, this makes even simple tasks like deploying patches and software updates much more difficult.

2. Alert Fatigue

While it is true that some large organizations have the resources to build and operate an in-house security operations center, the security experts needed to run it are in short supply.

Considering that training an analyst properly is a process that often takes the better part of a year, and that the average analyst changes jobs every two years, those hard-won security experts may not stay long. Those who do will be tasked with securing the people, data, and environments of the entire organization.

For these large companies, that can mean tuning and monitoring dozens of disparate tools generating an average of 11,000 alerts each day.  

When analysts receive an overwhelming number of alerts from cybersecurity tools and are tasked with spending time reviewing and responding to each one, it can create an environment where it is impossible to distinguish important alerts from the unimportant ones. This operating environment of all noise and no signal is known as “cybersecurity alert fatigue,” and it has real costs for the large organizations impacted by it. 

In fact, many attacks succeed not because a tool failed to raise an alert, but because the alert was missed or ignored by an analyst. Large organizations cannot afford to ignore a single alert. Yet, when a security team is impacted by alert fatigue, research shows that more than a quarter of alerts get ignored — every week. 

3. Potential Profit or Scope of Damage

The budgets of large organizations may be measured in tens or hundreds of millions of dollars — if not more.

Many of these companies are publicly traded, with shares held by private citizens. Their earnings, product launches, and layoffs are often headline news on a national and international scale. Whether they store and move massive amounts of money or data, use proprietary tools and technology they can’t afford to lose, or operate essential services or utilities, the fallout large companies face post-breach is massive.

Moreover, when these organizations are targeted, it is rarely by novice cybercriminals. These are not hacks coming from the cliché kid in a hoodie operating out of a basement. These are sophisticated attacks conducted by experienced cybercriminals, ransomware gangs, and nation-state actors. Their attacks are well-researched, carefully planned and expertly executed — meaning they have a greater chance of being successful.  

4. Extensive Vendor Partnerships

Large organizations often rely on an extensive network of vendors and third-party partnerships. While these relationships allow large organizations to scale rapidly and expand their reach nationwide or even globally, these relationships also expose large organizations to greater risk of breach.

While these organizations may have the budget and staffing to protect their data properly and proactively, there is no guarantee their network of third-party vendors and partners can do the same. And, as these partnerships and relationships often come with access to each other’s networks and environments, a breach at a third-party partner can often be the key that unlocks access to the large organization as well.

Lock Up Large Orgs with Security Operations Solutions 

The most effective way for large organizations to protect their data, reduce their risk of breach, and limit the financial and reputational damage from an attack is to partner with a security operations solutions provider. These organizations have the experience, expertise and ability to monitor the endpoints, network, and cloud environments of even the largest of organizations, while their team of security experts can help discover, assess, and harden environments against digital risk. 

Learn more about securing enterprises with our guide. 

Better understand how a breach could impact your bottom line with our Cost of a Breach Calculator. 


Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.