evolution of the data breach

Evolution of the data breach

As our lives are increasingly lived online, the potential for a breach of sensitive data only increases. Data breaches can occur through hacking attempts, internal theft, system misconfiguration, or accidents.

You’ve seen the headlines of major data breaches impacting organizations like Equifax or Facebook. The goal of these breaches varies from disrupting services to selling data on the dark web. You may think data breaches only affect huge corporations, but the truth is data breaches are one of the top 5 threats every business faces.

Learn how this threat has evolved, what it can cost you, and how to protect your business.

A brief history

Serious data breaches began nearly fifteen years ago as businesses began to digitize and store large databases online. The first major reported breach happen to internet giant AOL in 2004 when a list of 92 million usernames was stolen and sold by an AOL employee.

A more notable recent example is the data breach of Equifax, which resulted in the records of 150 million people being compromised. Put in context, that number represents nearly half of the current US population. The scope and severity of the breach has continued to unfold as investigators determine what and how much was taken.

In recent weeks, the Mariott hotel chain has reported being the victim of a four-year-long breach, resulting in half a billion customer records being compromised. But that number pales in comparison to the truly massive breach of all three billion Yahoo! email accounts in 2013.

Data breach methods

Breaches occur from a variety of sources. It’s not just a person in a dark room hacking away from a command terminal. Business systems are vulnerable to impersonation or socially engineering a password. A common method is a lost or stolen device that contains sensitive data, such as a laptop, phone, or USB drive.

Simple mistakes like misconfiguration or accidentally publishing credentials are also common. An employee error was responsible for exposing sensitive patient data from BlueCross Blue Shield for months before it was caught and corrected. And as seen in the AOL breach mentioned above, intentional theft by employees is also a threat.

Failure to update applications and services is another vulnerability you need to be aware of.  Applications with deep roots into your system seem obvious, but an attack can come through any application or service, like a game downloaded from the internet.

The cost of a breach

The cost of a data breach is estimated at $7.35 million and the price is only rising. Discovering and fixing an attack doesn’t mean the damage is done. Costs can continue to come from direct damage to your business or customers, lawsuits, paying for identity protection services for victims, as well as damage to your business’ reputation.

The new European General Data Protection Regulations (GDPR) law is enforcing heavy fines for data breaches. This law also applies to any company who does business in the European Union. The US does not yet have a similar law in place, but pressure is mounting as more and more vulnerable data becomes prone to attack.

How to protect your business

Fortunately, there are lessons to be learned from these attacks. Your managed IT services provider can make sure your system is up-to-date and properly configured. They can also make sure you have a data backup and recovery plan in place to keep your data safe from digital, internal, or any other kind of threat.