Why are big companies still getting hacked?
Branko Džakula
Co-founder @ Secfix & UN1QUELY | Cybersecurity Entrepreneur & Educator | Simplifying Cybersecurity Compliance | Scaling Startups at Digital Den | Bokelj
We are no strangers to news stories about huge #security breaches in big international corporations, and yet we wonder: how is this still happening?
There are many reasons behind every attack, ranging from financial gain, competition and revenge to sheer fun and a 'because I can' attitude. This does not answer the question of how this is still possible in 2015. Aren't huge corporations mighty enough to afford state-of-the-art protection? Yes. They are. And they are not doing it.
Information security is regularly pushed to the bottom of the to-do list or neglected completely, using old-school justifications such as 'it won't happen to us' or 'we have better things to worry about right now'. Wrong. This is exactly the thing to worry about, and right now.
Let's just be clear: more security solutions do not mean better security. Endpoint security solutions and intrusion detection systems only do so much to keep intruders and their malicious code out, but if you never check whether your back door is still locked, that's where you are in trouble. I am talking, of course, about patch management as the number one issue in major corporations.
According to a report issued by HP almost half of the companies who suffered a cyber-attack in 2014 were hit by hackers taking advantage of old exploits. In fact, 44 percent of known breaches in 2014 stemmed from vulnerabilities caused by unpatched code that was two to four years old, showing that many companies are not adequately updating security patches, according to HP's Cyber Risk Report.
For example, when a company's server goes down, operations will usually reboot or reimage it to get it working again. When this happens, all security patches are lost and must be reinstalled. Because the process of reinstalling all security patches can be very manual, some patches may be missed.
The latest news of a huge attack on a major corporation is the famous #TalkTalk data breach impacting all of their customers. Old security vulnerabilities may have led a young hacker group into the arms of TalkTalk customer data, and the buzz began after TalkTalk CEO Dido Harding gave an interview on the subject next to a PC with Windows Millennium on it. Are you serious? Talk(Talk) about bad patch management right there.
The security of data needs to be taken seriously, especially private customer data. Patches will come, and zero-day exploits as well. We will never be 100 percent secure, but let's try to try. From basic security awareness to IT security excellence, every little bit helps.
Stay safe.