Massive Data Security Breaches A Problem Now More than Ever
DID YOU KNOW?
There is an average of 177,339 worldwide data security threats every day!
In a world where technology is only growing more complicated faster and faster each day. And where consumers are putting more and more digital information out in the 'web' or the 'cloud' the risks have never been higher. This information is at constant risk which can leave consumers feeling helpless against the threat of hackers who are looking to sell their private information at top dollar.
How bad has it gotten? Well 2016 was a real whopper of a year when it came to security breaches. The biggest breach of all time was announced by Yahoo. The internet giant admitted that a breach occurred in 2014 that exposed the private information of 500 million users. Hackers obtained names, email address', birthdays and more.
If that is not bad enough, the IRS was also hacked. 700,000 individuals had their Social Security numbers stolen among other personal information. Rounding out the year are the now infamous WikiLeaks of the DNC. 20,000 private emails from the Democratic National Committee were made pubic after being hacked by a still unconfirmed entity.
Looking back a bit further, another widely publicized security breach happened to Home Depot in 2014. In this instance, hackers gained access to the home improvement chain’s American and Canadian point-of-sale system where they stole more than 56 million customers’ credit and debit card information. Unbelievable!
But, as big as those breaches were, the Identity Theft Resource Center actually identified that more than half of the data security breaches in 2014 were in the health and medical industry. For example, Anthem, America's second largest health insurer suffered a massive breach that affected over 80 million current and former members. The breach involved the theft of members’ names, addresses, birthdates, Social Security numbers, and employment histories.
So what are consumers to do? How do people keep their information safe when it seems the only alternative is to not hand it over to companies in the first place? CEO of The Network Support Company Jim Kennedy offers these words of wisdom:
“So, how do we fight a war like this? Currently, it’s a defensive war – companies like ours have no offensive capability – and the odds are not in our favor. We must get it right every single time, but the bad guys only need to get it right once. Fortunately, the greatest weapons in the arsenal against cybercrime are 1) proactive planning, 2) a disciplined process-driven approach, and 3) a very high level of execution – all things at which TNSC excels. As IT advisors, it’s our responsibility to inform, educate and make them aware of the seriousness of very real threats.”
Is Preparedness the Key to Preventing Cyber Attacks?
As Jim Kennedy suggests, being prepared for an attack is one of the most important thing companies can do. Yet, the Ponemon Institute conducted a study in September of 2014 and found that 43% of companies surveyed had experienced a data breach that year - and only 73% of those companies had a response plan in place. That means over a quarter of the companies surveyed hadn’t established a breach policy in the case their data was compromised by a cyberattack.
Not only that, but of those that had plans in place, only employees at 30% of the companies said they thought the plan was “effective or very effective.” Lee Munson, security researcher for Comparitech.com concurrs with this statement:
Contrary to popular opinion, however, it is often not the technology itself that leaves a company open to a data breach or other form of attack, rather it is poor implementation or misguided choices by those who engage with it.
All companies should be performing risk assessments to identify weaknesses in their systems prior to picking an appropriately researched solution but, more than that, they should be engaging their employees to ensure that those solutions are properly installed and maintained.
Furthermore, they should also ensure that all staff are familiar with their roles and responsibilities when something does go wrong as the biggest risk around technology is often that of human failure.
When the damage, legal repair, and blow to their reputation can cost a company millions of dollars, having a prevention and response plan in place certainly seems beneficial. IT professionals are usually the people who work behind the scenes to create, implement, and train employees on these procedures.
What else should companies be doing? Immediate actions that a company should take if a data security breach has materialized include:
- Informing customers quickly of the breach via personal message and public statement
- Contacting law enforcement and a legal team to find and then prosecute the hackers responsible
On the personal level, if you’ve experienced identity theft or an account security breach:
- Call all of your credit card companies to put a freeze on your accounts until you receive new account numbers
- Sign up for an identity protection service to monitor your private information
- Change all passwords; and check your accounts daily for a year after the security breach
It only takes a few minutes and you may be able to catch an unauthorized charge within hours of the transaction. CISSP certified CEO of Wapack Labs Jeff Stutzman also offers consumers this advice:
“Cyber terrorism from a computer level perspective relies heavily on our inability to take even basic measures to protect ourselves. Password management, automated operating system updates, and basic network hygiene goes a long way, yet most have absolutely no idea.
There is a very stark lesson that both companies and customers can take away from recent security breaches. The cost of prevention is often far less than the price a company pays—in millions of dollars and in rebuilding their sullied reputation—to repair the damage of a data security breach.