Equilfax, Yahoo and fast food provider, Sonic, what do they all have in common? They all recently suffered a massive security breach that has compromised private information of thousands, if not millions, of their customers, employees and vendors. These breaches, along with all the others that came before, are just further proof that hackers are successfully launching larger scale attacks, seeing little resistance, infiltrating and extracting more data and going undiscovered for longer periods of time. All of these breaches have resulted in over 2 billion records being compromised by data breaches in the first half of 2017 alone. That is up nearly 165% from the records compromised in the final six months of last year. What is even more troubling about these figures is that these are figures only represent the breaches reported publicly, one can only imagine how much larger these numbers would be if every breach was made public.
Globally, data breaches and the amount of records compromised continue to grow at an exponential level. These breaches also are not industry specific, every industry is at risk of a data breach. The recent trends are only proving that hackers are getting smarter, stealthier and riskier going in big on their attacks. Here is some data that proves these trends:
- Tax data a hot-ticket item: Hackers going after tax data is a new trend that has risen in 2017. Phishing attacks compromising W-2 data hit more than 200 incidents.
- Accounting firms and payroll service a key target: Organizations that aggregate data are a target for hackers. In one instance, 5.5 million job seekers’ personal data (including SSN#) were compromised.
- 2017 is setting data breach records: 4 of the breaches recorded (+6B records) were on the Top 10 list of all-time largest data breaches.
- Breaches are getting bigger and are concentrated: 10 breaches accounted for a majority of all records exposed (5.6B of the 6B exposed). 77% of the breaches came from just 10 countries.
- Social Security numbers are at an increased risk: Breaches impacting social security numbers grew to 26.1% in the first half of 2017 (up from 17.6% in 2016).
- Hacking remains the top cause of data breaches: Hacking accounts for 41% of data breaches.
- Skimming is a major cause of data breaches: 272 breaches in the first half of 2017 were a result of card reader skimming.
- Breach detection is still a major problem for most companies: Roughly 50% of the time, external parties alert companies to breaches and companies are not able to detect the incidents on their own. Of the 2,227 breaches in the report, only 443 were from internal sources.
How do organizations fall victim to these large-scale breaches?
The short answer is out dated or lack thereof security measures. If you were to look over the 10 largest breaches of all time it would show you that each of these organizations had vulnerabilities in security that went unaddressed and resulted in these breaches. Those vulnerabilities, such as weak password management, phishing scams, not utilizing multi-factor authentication, disgruntled employees, lack of employee training and employees with unnecessary levels of authorization, lead to difficulties in discovering and resolving the breaches. These massive breaches took many months, if not years, to uncover and today those organizations affected by the breach are still not just resolving the issues from the breach but also uncovering new layers the breach, which only amplifies the impact of the breach.
What repercussions do organizations face when affected by a massive data breach?
The short answer is many from stolen identities, stolen private organization information, millions of dollars in damages and fines, loss of customer confidence, damages to organization brand and image, the loss of jobs among high level executives and months, if not years, of clean up to resolve the immediate impact of the breach. All segments of an organization need to care about the potential for a data breach. All too often IT departments are the ones who are fighting more funding and staff to secure the organization and the other business channels tend to ignore security. A massive security breach is something no C-level executive can hide from or try and deflect, it is an issue that has too many repercussions.
What can organizations do to best prepare and minimize the chances of being breached or minimizing its impact?
The short answer is to be prepared and aware. First things first would be make sure all current cybersecurity has been properly updated and any patches available have been installed. Multi-Factor Authentication should be utilized for all users on the network and system. This adds an addition layer of security to all accounts attempting to login. Implementing an identity access management system is a must. This will give full visibility into whom and what roles has access to what resources. It will also help in seeing who attempts to log into certain areas and when. Lastly, the one area that typically gets over looked but has one of the greatest impacts on an organization’s security is its employees. Proper training and knowledge awareness is the greatest way to minimize the way employees handle protecting the security of an organization.
If you would like to have your organization’s cybersecurity assessed, fill out our contact us form and we will come in help your organization form a strategy and uncover any vulnerabilities before someone else can.