Information is the new currency. Our personal information including credit card information, internet protocol (IP) addresses, healthcare data, facial recognition biometrics and also location information from a mobile device may be worth millions of euros in the hands of data thieves. So, the stakes are high. Therefore, we’re pleased to present our first whitepaper called 10 Most Interesting Data Breaches in 2019: Key Takeaways for Businesses. This whitepaper critically discovers ten data breaches occurred in 2019. More importantly, we have written key takeways for your organization, that you’ll know how can data breaches be prevented and what steps should you take.
Table of Contents
What is the definition of a data breach?
We’ve seen data breaches in the news a lot and this trend seems to be on the rise. But what is the definition of a data breach? A data breach is the compromise of security that results in an incident that exposes personal information in an organisation’s possession to the risks of unauthorized access, collection, disclosure, modification, disposal or similar risks.
Practically speaking, data breaches can happen due to numerous reasons, for example malicious activity, human error and computer system error. No matter the reason, data breaches are damaging and they affect governments, financial institutions, hospitals ,and universities. Yet, this is known to be only the tip of the iceberg, partly because the great majority of data breaches remain undisclosed. According to IBM, on average, organizations take nearly 197 days to identify a data breach. Yes, that number is somewhat annoying.
What types of information are at risk of data breaches?
Some kinds of information are more frequently breached than others. So, different types of information poses different levels of risk to an organization. For instance:
- personally identifiable information: contact information, birth dates, and education;
- financial records: bank account numbers and investment details;
- users’ or customers’ data: customers’ physical address, device IDs and website visits;
- health information: medical records and prescription drugs;
- intellectual property: scientific formulas and proprietary software.
These aren’t only types of information that is at high risk. For example, legal information can also be in hackers’ interest. This type of information include court cases, legal opinions on different practices, and also merger and acquisition (M&A) details.
How do data breaches affect companies?
The effects of a data breach can ripple throughout the organization and have destructive and long-term consequences. These include reputational harm, loss of intellectual property, customer loss, reduced organizational productivity, loss of competitive advantage, unfavorable media coverage and etc.
Actually, these are known to be long-term or non-monetary consequences. Short-term or monetary consequences include direct fines, penalties, notification of customers, mandatory forensic examination, and future security costs.
In any case, data breaches bring substantial impacts and losses to organizations as well as individual victims. Some costs are even difficult to measure like lost business, negative impact on organization reputation and loss of consumer trust and credibility. That being said, data breaches have become a frequent issue in this digital era.
How can companies prevent data breaches?
Any organization could be the target of a data breach. But there are several steps and smart practices organizations can take today to avoid potential breaches and mitigate the risks when breach occurs. Before going any further, we must highlight the fact that there is no single prescription for
prevention. Because the nature of every attack and the composition of every business is different. The following are 3 high-level practices that organizations may consider applying.
1. Cyber security awareness training for employees
It’s no secret that the first line of defense for an organization is usually its employees. Therefore, a security awareness is important to establish a profound security culture within an organization. Simply speaking, cyber security awareness training is an education process that educates employees on understanding cyber threats, how to prevent cyber threats, and security best practices.
Did you know that global spending on security awareness training is predicted to reach nearly €9 billion by 2027? The impacts of data breaches extend well beyond IT departments. Sophisticated cyber attack methods pose greater risks for all organizations.
Make sure your employees understand the modern cyber security landscape, and also the cyber threats your organization and its customers face. Check our infographic named Cyber Security Statistics 2020, and learn about the 5 important cyber security statistics you need to be aware of in 2020.
2. Willingness of executives to actively support optimal cyber security policy
Security is everyone’s responsibility, including executives, that they must comprehend the importance of how to protect the organization from threats. Gone were the days when Chief Technology Officer (CTO) or IT department worried about cyber security policy. Now it’s the responsibility of executives within the organization to lead by example for the rest of the team.
What we mean here is that the support has to come from the executives of the organization. Firstly, they need to understand that cyber security is not just an IT issue. Secondly, they must understand the legal as well as regulatory implications of cyber risks, as with responsibility comes accountability. Then, executives must improve awareness and drive a more risk-aware culture across the whole organization. Last but not least, they have to enforce security standards across business processes.
Alignment across executives, especially between IT and the line-of-business owners, is significantly crucial to build a strong cyber security posture. Simply put, executives in must understand the real value of a holistic approach to cybersecurity.
3. Offline backup of critical data
In fact, data nowadays is the lifeblood of any organization. Over the last several years, a number of high-profile data loss incidents have cost organizations millions of euros and have resulted in tremendous damage to reputations. Worse yet, some organizations went out of business entirely because of a data breach.
One small step that shouldn’t be neglected is to maintain an offline backup. Offline or cold backup refers to the process of storing files locally so that the data are accessible when the computer isn’t connected to the network. One of the biggest advantages of this method is indeed data consistency. It means that the data can’t be modified or changed.
We understand that there are several data loss scenarios to take into account. For that reason, there isn’t one solution that can be utilized to tackle the data loss incidents. After all, protecting the most valuable asset of organization must be of paramount importance.