With every passing day, the network of connected devices is increasing, and, while this growth of connectivity continues to grow bigger, the risk of exposure is also increasing. Furthermore, it is no longer dependent on how big or small the businesses are. In today's cyberspace it is hard to establish if any network of application is not prone to attacks, but it has become extremely important to have a sustainable, dependable, and efficient network system, as well as applications. Properly configured systems and applications will help reduce the risk of attack. But it might not ever be able to eliminate the risk of attack completely.
A modern IT security system is a layered system, as a single layer approach to security is not enough anymore. In the event of a network breach, the victim can sustain a huge impact, including financial, disruptions to operations, and loss of trust factors. In the recent past, the number of breaches has increased for various reasons. The attack vectors for these breaches could be many, such as viruses, Trojans, custom malware for targeted attacks, zero-day-based attacks, or even insider threats. The following table shows the biggest data breaches of the 21st century:
For instance, one of the biggest data breaches that happened with Target Stores in December 2013, was planned during the Thanksgiving holidays and the organization did not discover it until a few weeks after the actual attack. The attack was started from an internet enabled air conditioning system and then to the point of sale systems. Eventually this attack led to the theft of about $110 million in credit and debit card data. The after-effect of the attack led to the resignation of the, then, Target CEO and the cost impact to Target was in the region of $162 million. (For readers, a more detailed report can be found here: https://www.csoonline.com/article/2134248/data-protection/target-customers--39--card-data-said-to-be-at-risk-after-store-thefts.html)