It’s not just the customers – businesses dread data breaches, too 

Several security research organizations, such as Websense, have pointed out that most anti-virus and anti-malware programs can only catch exploits that are already known, and that, in the case of Target, the software did not recognize the malware used by the attackers.

Often, the methods attackers use to get into a system are above and beyond what any security software could hope to catch. The Target breach in particular was made possible because the attackers first stole network credentials from an HVAC contractor who was working on the refrigeration systems at several of the retailer’s locations in the country’s northeastern states.

It seems sometimes that attackers are always two steps ahead. So what’s a business to do?

Akshay Kalle, CTO, Pathway Communications, says that a holistic approach is the best way to combat cyber crime. He believes that too many businesses use security as insurance rather than an integral part of their operations.

“A lot of businesses only seriously look at security after they’ve been hurt,” he said. “This must change.”

To ensure best practice, businesses should maintain regular audit processes of their security systems. This ensures they stay abreast of any vulnerabilities in their security and enables them to solve the problem before it snowballs into something more serious.

Moreover, businesses should consider moving away from traditional security models, such as backups; there is nothing wrong with these practices, in theory, but as Kalle points out, more must be done to counter the increasing sophistication of cyber criminals.

And above all, businesses must think about the three P’s of security: people, processes, and parts. Unless all three are working in tandem, businesses might be leaving themselves open to exploits.

“Hackers will prey on the human aspect,” Kalle said, adding that data handling practices, as well as issues of security and privacy, must be discussed with everyone in the enterprise.

If everyone understands how social engineering works, they’ll be less likely to click the link in a fake LinkedIn invitation that takes them to a site full of malware.

“It’s not a matter of ‘if’ in today’s world,” Kalle warned. “It’s a matter of ‘when.’”