The Evolving Business of Data Security
Data breaches, in one form or another, occur every single day. In fact, according to a report from Wired, in 2013 alone, there were 600 data breaches that impacted U.S. consumers. How have data breaches changed over the years, and what measures have been taken to prevent them? What more can be done and what can you do to protect your business information and the information of your customers?
Yesterday And Today
The Privacy Rights Clearinghouse has compiled a list of data breach incidents in the U.S. since 2005. As of this writing, there are more than 4,500 entries on that list. Then, as now, hacking is a common cause of data breaches. And the number of people impacted, as well as the ways they’re impacted, can be staggering. Comparing old cases to new ones, the differences appear to be in the number of incidents taking place and the difficulty of calculating just how many people are affected. Some of the most serious hacking cases have happened in the past few years:
A hacking incident in 2014 at the University of California, Berkeley caused the names, Social Security numbers, credit card numbers, and driver’s license numbers of an unknown number of people to be obtained.
The State Compensation Fund of Pleasanton, California, revealed that a hacking incident resulted in the theft of emails that contained the names, addresses, phone numbers, Social Security numbers, dates of birth, and workers’ compensation claim numbers for an unknown number of clients.
The La Jolla Group reported that a hacker obtained the names, addresses, phone numbers, email addresses, credit card numbers, CVV2 data, and credit card expiration dates for an unknown number of customers who checked out at its clients’ ecommerce apparel websites.
These are just a few examples, but perhaps they give you a view of where we’ve been and where we are.
How Hackers Strike
During the Christmas season of 2013, credit and debit card information for 40 million people was exposed to hackers, along with the email and mailing addresses of about 70 million. According to a report from Network World, hackers were able to infiltrate Target’s network by stealing network credentials from a business partner. Those responsible for the Home Depot hacking incident used the same method.
J.P. Morgan’s information breach was caused when hackers broke into a server that didn’t use two-factor authentication, the report noted.
Another common way that hackers gain access to information is through “phishing” emails. About 20 percent of untrained users fall for these emails. One to nine percent of trained users also fall for them.
Web malware also ranks high as a preferred tool for hackers. Network World states that pharmaceutical and chemical companies are the most common targets for web malware.
Counting The Costs For Business
A 2013 research report from the Ponemon Institute and Symantec found that the cost per compromised record to organizations in the United States that experienced a data breach was, on average, $188. This was the second-highest per-record cost of the countries Ponemon surveyed, coming in only slightly behind Germany. The U.S. and Germany also ranked highest in average total cost of data breaches, at $5.4 million and $4.8 million, respectively.
Organizations in Australia and the United States experienced the highest number of compromised records of the countries surveyed, 34,249 and 28,765, respectively, while Italy and Japan experienced the fewest.
The report also found that U.S. organizations were among the best at decreasing the costs of data breaches through strong security postures, incident response plans, the appointment of a CISO, and the use of outside consultants during data breach remediation.
U.S. companies were among those that spent the most on notification of a breach, the report noted, including the creation of contact databases, determination of the regulatory requirements, the alerting of victims, and the engagement of consultants. The amount spent on such efforts was an average of $565,020.
In 2005, the U.S. Justice Department released its first report on cyber-crime attacks against businesses. At that time, of 7,818 businesses surveyed, 67 percent said they’d experienced at least one cyber crime incident per year. The 2013 Ponemon report surveyed 60 businesses, among which the average number of successful cyber attacks was two per week.
In 2010, the Obama administration began a review of the federal cyber-security policies, the Wired article notes. A subsequent report stated that the problem of cyber crime is not going to be solved by technology alone, but by educated users who employ sound practices.
Recent cyber attacks have led to proposed legislation, including The Personal Data Protection and Breach Accountability Act of 2014, introduced by Senator Richard Blumenthal. While it has yet to be enacted, the article notes that some version of this bill will eventually become law and will impose civil and criminal liabilities on companies that fail to notify individuals when a breach that compromises personal information occurs. The bill would also create an avenue by which individuals could file suit against companies for compromising their information and would apply to companies maintaining information for 10,000 or more U.S. citizens. The only way notification could be delayed is by law-enforcement authorities, if prompt notification might impede a criminal investigation.
The Role Of Big Data In Cyber Security
In a number of industries, the use of big data is helping in the arena of cyber security. For example, as reported by RigZone, the oil and gas industries, hoping to gain greater efficiencies through automation and wireless operations, are facing more and more ways that their information and that of their customers can be compromised. Those companies are finding that protecting information in the cloud is a different problem entirely from protecting a physical building, the Wired article notes.
Using big data, however, will soon enable these companies to find and fix their vulnerabilities before hackers do. As for the differences between protecting a physical building and protecting information in the cloud, addressing them at the same time isn’t just a matter of convenience. In an industry threatened on several levels and by many forces, it’s a necessity.
The big push, then, becomes how to analyze the data. And that relies on having people who are trained to do so, something that this industry and others are hard-pressed to find outside of Silicon Valley and New York City.
Protecting Your Customers’ Information
Education is one of the most important ways that businesses can protect the personal information of their customers. We’re not talking about the Silicon Valley type of education, but about a set of policies governing access to secure files, use of the internet, BYOD, and other employee practices. Companies should also have a disaster-recovery plan that governs the response to a number of incidents that businesses face, including data breaches.
Managed IT services can provide you with expert-level protection and monitoring against cyber attacks, and can arm you with the standard protection tools, including anti-virus software and anti-malware.
For more information about keeping your company’s information and the information of your clients secure, contact us.