The Truth About Many Data Breaches
There are various methods for hackers to access data, phishing, improperly secured servers, no firewall, etc. A Business Insider article, Marc Rogers, professional “white-hat” hacker identified one common theme among several of the major data breaches is that the companies managed the servers with the data. There are so many cloud computing and hosting services available like Amazon Web Services (AWS) which has become a commodity for the IT industry. So companies think they can just purchases an AWS package, install software and start storing data without considering the consequences. You would not have just anyone perform surgery on you so why setup IT hardware and software without consulting an expert?
Data Breach Examples
Capital One Data Breach: Approximately 100 million consumer applications including customer status, credit scores, payment history, contact information, social security numbers and bank accounts. The data breach was caused by a former employee and a misconfigured open-source web application firewall that was hosted in AWS.
BioStar 2 Data Breach: About 28 million record of over 1 million people worldwide. Vpnmentor discovered the unencrypted database belonging to Suprema, a global biometrics security and identity company. Thousands of companies use BioStar 2, Suprema’s web-based security platform, which is a biometrics lock system. It uses fingerprints and facial recognition to give a company’s employees access to buildings, offices, and other facilities.
Adobe Creative Cloud Data Breach: It is estimated that 7.5 million accounts were exposed from an improperly configured cloud database. The exposed information included email addresses, account creation date, Adobe products, subscription status, payment status, member IDs, country, and time since last login. This information could easily been used for phishing campaigns to obtain sensitive data like credit card information.
It is scary to think large corporations are so careless to leave our personal data unsecured online for anyone to download. All three of the examples above could have been prevented by properly securing the information. Two of the databases did not have any password protection.
“Boosting the security of the servers that store such information could dramatically cut down on the number of data breaches”, according to Rogers.
- Here are some interesting statistics from the IBM Security Study:
The cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average
Malicious Breaches – Most Common, Most Expensive: Over 50% of data breaches in the study resulted from malicious cyberattacks and cost companies $1 million more on average than those originating from accidental causes.
“Mega Breaches” Lead to Mega Losses: While less common, breaches of more than 1 million records cost companies a projected $42 million in losses; and those of 50 million records are projected to cost companies $388 million.4
Practice Makes Perfect: Companies with an incident response team that also extensively tested their incident response plan experienced $1.23 million less in data breach costs on average than those that had neither measure in place.
U.S. Breaches Cost Double: The average cost of a breach in the U.S. is $8.19 million, more than double the worldwide average.
Healthcare Breaches Cost the Most: For the 9th year in a row, healthcare organizations had the highest cost of a breach – nearly $6.5 million on average (over 60% more than other industries in the study).
Even though there are several cloud computing and hosting platforms it is best to consult an expert to ensure your hardware and software is properly configured. In addition, there are several best practices for maintaining a secure environment. For instance a properly configured firewall, virus protection, software patching, geo-blocking for web servers, IDS testing and off-site backups. We continue to hear about fines for these big corporations, but nothing seems to change. Start by consulting an IT security expert to properly secure your company data to prevent becoming another data breach statistic. Contact Wolf Technology Group today to learn how we can assist you. Your IT Security is Our Business.Tags: Cybersecurity, Data Breach, Hackers, IT Security