The Truth About Many Data Breaches
We hear about a new data breach daily. Learn how hackers access your data so you can help prevent it. There are various methods for hackers to access data, phishing, improperly secured servers, no firewall, etc. A Business Insider article, Marc Rogers, professional “white-hat” hacker identified one common theme among several of the major data breaches is that the companies managed the servers with the data.
Root Cause of Data Breaches
There are so many cloud computing and hosting services available like Amazon Web Services (AWS) which has become a commodity for the IT industry. So companies think they can just purchases an AWS package, install software and start storing data without considering the consequences. You would not have just anyone perform surgery on you so why setup IT hardware and software without consulting an expert?
Data Breach Examples
Capital One Data Breach: Approximately 100 million consumer applications including customer status, credit scores, payment history, contact information, social security numbers and bank accounts. How did this occur? A former employee and a misconfigured open-source web application firewall in AWS.
BioStar 2 Data Breach: About 28 million record of over 1 million people worldwide. Vpnmentor discovered the unencrypted database belonging to Suprema, a global biometrics security and identity company. Thousands of companies use BioStar 2, Suprema’s web-based security platform, which is a biometrics lock system. It uses fingerprints and facial recognition to give a company’s employees access to buildings, offices, and other facilities.
Adobe Creative Cloud Data Breach: It is estimated that 7.5 million accounts were exposed from an improperly configured cloud database. The exposed information included email addresses, account creation date, Adobe products, subscription status, payment status, member IDs, country, and time since last login. This information can easily be turn into a phishing campaigns to obtain sensitive data like credit card information.
It is scary to think large corporations are so careless to leave our personal data unsecured online for anyone to download. All three of the examples above can be avoided by properly securing the information. Two of the databases did not have any password protection.
“Boosting the security of the servers that store such information could dramatically cut down on the number of data breaches”, according to Rogers.
Data Breach Stats
- Here are some interesting statistics from the IBM Security Study:
The cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average
Malicious Breaches – Most Common, Most Expensive: Over 50% of data breaches in the study resulted from malicious cyberattacks. This cost companies $1 million more on average than those originating from accidental causes.
“Mega Breaches” Lead to Mega Losses: While less common, breaches of more than 1 million records. The cost projected $42 million in losses; and those of 50 million records are projected to cost companies $388 million.
Practice Makes Perfect: Companies with an incident response team that also extensively tested their incident response plan experienced $1.23 million less in data breach costs on average than those that had neither measure in place.
U.S. Breaches Cost Double: The average cost of a breach in the U.S. is $8.19 million, more than double the worldwide average.
Healthcare Breaches Cost the Most: For the 9th year in a row, healthcare organizations had the highest cost of a breach – nearly $6.5 million on average. Over 60% more than other industries in the study.
How Wolf Technology Group Can Help
Consult an expert like Wolf Technology Group to setup, secure and maintain your network environment. We follow best practices to help keep you secure.In addition, there are several best practices for maintaining a secure environment. For instance a properly configured firewall, virus protection, software patching, geo-blocking for web servers, IDS testing and off-site backups.
Contact Wolf Technology Group today to learn how we can assist you. Your IT Security is Our Business.Tags: Cybersecurity, Data Breach, Hackers, IT Security