Online information storage firm Evernote has issued a statement to recommend that all 50 million of its users reset their passwords, following a security breach by hackers. The company admitted that usernames, email addresses and encrypted passwords were accessed. It also stated that “While our password encryption measures are robust, we are taking additional steps to ensure that your personal data remains secure.”
Not only does this news follow hot on the heels of recent cyber attacks on Apple, Facebook, and Twitter, but it harks back to 2011’s stream of notorious data breaches, which saw the IT security defences of other large companies such as Lockheed Martin, RSA, Sony and Google also compromised.
It’s disappointing to think that as an industry, it seems very few lessons have been learned since then – organisations of all sizes are still relying all too heavily on traditional point security tools such as encryption and anti-virus solutions, which have repeatedly proven their limitations.
With cyber attacks becoming increasingly frequent and sophisticated, today’s organisations must be constantly aware of the evolving cyber threat – ditching the common and outdated reactive approach to security – if they are to have any hope at protecting themselves. As such, companies need to start introducing mechanisms that give context to data and facilitate a deeper understanding of all network activity in real time.
To truly learn from these high-profile breaches, organisations need to deploy mechanisms for proactive, continuous monitoring of IT networks to ensure that even the smallest anomaly can be detected before it becomes a bigger problem for all. Only then will they gain that critical level of insight needed to effectively address data breaches.