29 September 2017
‘Mega-breaches’ may be the ones that make the headlines, such as the recent NHS system hack that caused major disruption across the UK, but many more smaller-scale breaches go undiscovered and under-reported, so the full scope of the problem is something of a mystery.
“My message for companies that think they haven’t been attacked is: you’re not looking hard enough.” James Snook – deputy director in the Office for Cyber Security, Government Cabinet Office, April 2016.
“I’ve been through stages of denial, disbelief, frustration. A couple [of] individuals displayed incredibly poor judgement and incompetence.” Robert Pera, billionaire, on phishing loss of $46.7m that his staff didn’t tell him about – January 2016.
Oops… But half of the time staff don’t even realise an attack has happened – it’s external parties that discover data breaches, which is why breach detection is still such a mystery for many victims.
Most information on data breaches focuses on the period from 2005 to today, largely because of the major advancement in technology and increase in the wealth of electronic data around the globe during this time, making data breaches a primary concern for both businesses and consumers.
If you’re involved in a data breach in today’s world, it’s likely to impact hundreds of thousands, or perhaps millions, of consumers, and many more individual records, all from a single attack on an individual company.
And the opportunities for criminals to carry out an attack are only going to increase. By the year 2020, over one third of all data will live in or pass through the cloud, and data production is predicted to be 44 times greater than it was in 2009.
In the U.S., companies and government agencies suffered a record 1,093 data breaches last year according to the Identity Theft Resource Centre – up a massive 40% on 2015. But 2017 is looking even worse. Between January 1st and June 30th this year, there were 2,227 publicly disclosed data breaches exposing more than 6 million records, meaning that the number of records compromised in the first half of 2017 is already more than the whole of 2016. Hacking, skimming and phishing attacks continue to be the leading cause of data breach incidents.
1. Institute end user security awareness
2. Craft an encryption policy – and enforce it
3. Deploy intrusion detection and prevention
4. Stop drive-by downloads
5. Perform regular vulnerability assessments
6. Apply comprehensive patching
7. Employ insider behaviour monitoring
8. Back it up
“In an age of an unprecedented threat level, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution.” Matt Cullina, CEO of CyberScout and Vice Chair of ITRC’s Board of Directors.
Responsible computer recycling is vital if you want to ensure your data is secure and also reduce e-waste that is potentially harmful to health and the environment. So if your company is committed to the ethical recycling of its obsolete computers and technology products, make sure that secure and environmentally friendly computer recycling, carried out in line with proper recycling regulations, is part of your consideration. It’s also important to be aware that companies are now legally obliged to safely dispose of potentially sensitive information in accordance with current security laws and the Data Protection Act of 1998. Be sure to use only a computer recycling company that operates in accordance with, and preferably exceeds, all government guidelines such as the WEEE Directive and the Data Protection Act.