Data is becoming an increasingly valuable commodity for businesses. In many ways, it is the currency of the modern world. Organizations that have it can gain tremendous competitive advantages. Losing it – either by accident or at the hands of hackers – can lead to substantial losses.
For this reason, companies need to defend their information as staunchly as they would their regular property.
Check out some of these statistics on data breaches:
- In 2018, there were more than 1,257 recorded data breaches, exposing more than 446.5 million customer accounts
- Data breaches exposed more than 1 billion records in the first six months of 2019
- 34 percent of data breaches in 2018 involved an internal actor
This post discusses what a data breach is, how much they cost, and what you should do if you discover one at your company.
What is a data breach?
A data breach occurs when somebody views classified information without authorization.
The definition is interesting because it implies that merely looking at data is sufficient to constitute a security incident. Hackers don’t need to delete data or send it on to third parties for the incident to count as a breach.
Data breaches can have all sorts of negative ramifications for organizations.
Legal consequences include fines and court action. Marketing consequences involve things like a loss of brand value and reputation. There are even employee acquisition costs. Talented candidates often decline employment offers from firms that they view as incompetent. Thus, avoiding breaches is a top priority.
What is the average cost of a data breach?
Data from the 2019 Cost of Data Breach Study – an IBM-led project – suggest that data breaches cost the average business $3.92 million globally. In the US, the cost is a staggering $8.54 million. On average, organizations lose 25,575 records, costing around $150 each to replace.
Worryingly, Juniper Research estimates that the full direct and indirect costs could reach more than $150 million by the end of 2020.
What are the common types of critical data that are at high risk for cybersecurity attacks?
Cybercriminals are often highly targeted in their attacks. Usually, they want to collect specific critical data types – information your company needs to operate in the marketplace. These are the most valuable for extracting money from both you and your customers.
Over recent years, we have seen the kinds of data that hackers prefer to steal. Retailers and banks, for instance, have seen customer databases containing account and payment card information stolen. Government agencies have had their emails and drivers’ license data compromised, allowing hackers to blackmail users and disseminate classified information.
Here we run through some of the types of data hackers like to target:
Network data
According to figures from Statista, ransomware attacks account for around fifteen percent of all cyber insurance claims, making them the second-most popular form of data breaches. Here the aim is not so much to get hold of any specific type of data. Instead, the goal is to restrict access to the entire repository so you can no longer access it. Once hackers encrypt it, they can charge you a ransom payment to release it.
Corporate account data
Corporate account data is another popular target. Here, hackers attempt to acquire employee account access data. Once they have it, they can use it to run scams internally on your network to disrupt business operations. Common tactics include impersonating the CEO or attempting to solicit financial information from the company’s clients.
Confidential product information
Enterprises maintain their competitive advantage by protecting critical product information. Hackers know that if they can access these data, they can get one step ahead of you. Acquiring your product information, for instance, lets them bring your ideas to market. They can also take the data and sell it to your rivals, eliminating your competitive advantage in a stroke.
Personal information
Personal information is perhaps the most highly prized of any information your firm keeps. It is often a treasure trove for hackers, including advertising information and payment card details they can use to extract money directly.
According to the Identity Fraud Study, 17 million Americans had data stolen in 2017. Common targets included social security numbers, driver’s license data, and tax information. Hackers were able to open fake credit card accounts with this data and commit tax fraud.
Server data
Companies often overlook the fact that hackers want to steal their server data too. Cloud storage services aren’t cheap, and organizations spend thousands of dollars per month on storage for all their information.
If hackers can access passwords and logins, they can store their data on your servers, bypassing service provider fees. Plus, once they compromise your systems, they can also harvest your server space and sell it to third parties, pocketing a nice profit in the process.
At the moment, targeting server data is a popular option for hackers because companies aren’t aware of the issue. They can often run schemes in the background for months before anyone in your organization notices.
Tech companies are the primary target for these kinds of attacks because of the amount of data they store. But any firm with extensive data backup requirements could potentially be at risk.
What should I do if there has been a breach within my company?
If you suspect a data breach at your company, you need to act fast. Here’s what to do, step-by-step.
Step 1: Confirm that there was a breach
First, you need to confirm that a breach actually happened, that is, that an unauthorized user did indeed view confidential information. Sometimes scammers will reach out to you, posing as a company or client, attempting to obtain more information from you that will give them account access.
Don’t fall for it. If there’s been a suspected breach, call up the company or client and speak with them in person. Only use official contact information. Always check the website URL before calling or emailing.
Step 2: Find out what was stolen
The next step is to figure out what was stolen, if anything. Sometimes breaches can occur accidentally without any malicious intent. Other times, fraudsters will take information and then attempt to use it or sell it on to third parties for cash. Common data targets include email addresses, customer names, telephone numbers, card details, passwords, and security questions.
Step 3: Stop additional data loss
Take as much of your equipment offline as fast as you can to prevent any additional data loss.
Step 4: Interview people who discovered the breach
People in your organization may know more about the data breach than meets the eye. Interview them and anyone else who might know about it to find out more about what happened.
Step 5: Fix your vulnerabilities
The next step is to fix your vulnerabilities.
If you have digital forensics experts working with you, get them to review any logs around the time of the breach to determine who had access to the information. Ask them to find out who has current access to the data and whether their access privileges need to continue.
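One way to carry out the log review described above, as an added example that is not part of the original post. The log format, the account names, the resource path and the helper names `parse` and `review` are all assumptions made for illustration, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample access log; the format (ISO time, user, action, resource) is assumed.
SAMPLE_LOG = """\
2019-06-10T08:02:11 alice READ /data/customers.db
2019-06-11T23:41:05 svc-backup READ /data/customers.db
2019-06-12T02:13:44 bob READ /data/customers.db
2019-06-12T02:14:09 bob EXPORT /data/customers.db
2019-06-12T09:30:00 carol READ /data/pricing.xlsx
truncated line
2019-06-20T10:00:00 alice READ /data/customers.db
"""

# Constructed list of accounts that currently hold access to the resource.
CURRENT_ACCESS = {"alice", "bob", "svc-backup", "dave"}


def parse(log_text):
    """Yield (timestamp, user, action, resource); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2], parts[3]


def review(log_text, resource, breach_time, margin_hours, current_access):
    """Report who touched `resource` near the breach and which grants look unused."""
    margin = timedelta(hours=margin_hours)
    in_window, ever_seen = {}, set()
    for ts, user, action, res in parse(log_text):
        if res != resource:
            continue
        ever_seen.add(user)
        if abs(ts - breach_time) <= margin:
            in_window.setdefault(user, []).append((ts.isoformat(), action))
    # Accounts with access but no logged use are candidates for a privilege review.
    return {"accessed_in_window": in_window,
            "unused_grants": sorted(current_access - ever_seen)}


if __name__ == "__main__":
    report = review(SAMPLE_LOG, "/data/customers.db",
                    datetime(2019, 6, 12, 2, 0), 24, CURRENT_ACCESS)
    print(report)
```

The first result answers who had access to the information around the time of the breach; the second lists accounts whose access privileges may not need to continue.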
If you have service providers, contact them, and find out what critical information they can access. Consider jointly whether you need to restrict access privileges further. Also, consult with them about what steps they’re taking to ensure that another breach doesn’t occur in the future.
Consider your network segmentation too. You want to create a situation where a breach on one server doesn’t automatically imply a breach on all the others.
Step 6: Notify all appropriate parties
The final step is to notify all relevant parties within the timeframe set out by law. Ideally, you should notify law enforcement immediately, especially if there is a risk of identity theft. You’ll also want to notify affected businesses if you’ve had data stolen but don’t maintain accounts. Notifying individuals fast is important because it gives them precious time to change their passwords and cancel their credit cards before hackers have a chance to steal more.
What are the common causes of a data breach?
Most business executives are surprised to discover that the majority of data breaches occur because of human or organizational errors, not because of the hackers’ technical skills.
Common causes include:
- Insider error – where employees mistakenly provide critical access information to malicious parties (such as leaving a laptop on the train or copying the wrong person into an email)
- Malware – software that leaks critical data to cybercriminals, providing them with information to hack your systems and steal data
- Application vulnerabilities – backdoor exploits that allow hackers to gain access to your systems before you patch them
- Weak credentials – poor-quality passwords that attackers can easily guess, such as “password123”
- Malicious insiders – employees who don’t like your organization and want to help undermine it
Fortunately, with the right partners and cybersecurity awareness training, combating critical data risks is more straightforward than you might imagine. It pays to be prepared.