As we spend more of our lives online, the risk of sensitive data breaches continues to grow. Hackers, internal theft, system misconfigurations, and accidents all contribute to these breaches.
You’ve seen the headlines of major data breaches impacting organizations like Equifax or Facebook. The goal of these breaches varies from disrupting services to selling data on the dark web. You may think data breaches only affect huge corporations, but the truth is data breaches are one of the top 5 threats every business faces.
Learn how this threat has evolved, what it can cost you, and how to protect your business.
A brief history
Serious data breaches began nearly fifteen years ago as businesses transitioned to storing large databases online. In 2004, internet giant AOL faced the first major reported breach when an employee stole and sold a list of 92 million usernames.
A more recent and significant breach occurred at Equifax, where hackers compromised the records of 150 million people—nearly half of the current US population. Investigators are actively assessing the breach, working to identify exactly what and how much data was stolen.
In recent weeks, the Marriott hotel chain revealed a four-year-long breach that exposed half a billion customer records. However, this number is overshadowed by the massive breach of all three billion Yahoo! email accounts in 2013.
Data breach methods
Breaches occur from a variety of sources. It’s not just a person in a dark room hacking away from a command terminal. Business systems are vulnerable to impersonation or socially engineering a password. A common method is a lost or stolen device that contains sensitive data, such as a laptop, phone, or USB drive.
Simple mistakes like misconfiguration or accidentally publishing credentials are also common. An employee error was responsible for exposing sensitive patient data from BlueCross Blue Shield for months before it was caught and corrected. And as seen in the AOL breach mentioned above, intentional theft by employees is also a threat.
Failure to update applications and services is another vulnerability you need to be aware of. Applications with deep roots in your system seem obvious, but an attack can come through any application or service, like a game downloaded from the internet.
The cost of a breach
A data breach costs an estimated $7.35 million, with expenses continuing to climb. Addressing and resolving an attack doesn’t mark the end of the damage. Costs can continue to come from direct damage to your business or customers, lawsuits, paying for identity protection services for victims, as well as damage to your business’ reputation.
The new European General Data Protection Regulations (GDPR) law is enforcing heavy fines for data breaches. This law also applies to any company that does business in the European Union. The US does not yet have a similar law in place, but pressure is mounting as more and more vulnerable data becomes prone to attack.
How to protect your business
Fortunately, there are lessons to be learned from these attacks. Your managed IT services provider can make sure your system is up-to-date and properly configured. They can also make sure you have a data backup and recovery plan in place to keep your data safe from digital, internal, or any other kind of threat.
