Companies both large and small are subject to database breaches. These breaches can result not only in legal settlements, government fines, bad publicity and loss of consumer confidence, but can also slow a company’s sales for years. A large corporation may be able to survive a series of bad years, but smaller firms, or ones in a very competitive market, may be forced out of the market.
Why Companies Need to Consider Our Software
Norton (What is a data breach?, 2020) defines a data breach as “…a security incident in which information is accessed without authorization.” Data breaches can be costly, and they can significantly hurt individual consumers and businesses of all sizes. As Norton (What is a data breach?, 2020) states: “They are a costly expense that can damage lives and reputations and take time to repair.”
According to Niall McCarthy (McCarthy, 2018), a data journalist covering technological, societal, and media topics for Forbes: “…the impact of a data breach on an organization averages $3.86 million, though more serious ‘mega breaches’ can cost hundreds of millions of dollars.” McCarthy (McCarthy, 2018) also cited a study conducted by IBM in 2018 that interviewed more than 2,200 IT, data protection and compliance professionals from 477 companies. It found that “On average, each record costs $148 and a breach of 1 million records costs $40 million while a breach of 50 million costs $350 million.” He also wrote (McCarthy, 2018) that the “Average total costs of a data breach also varied heavily between countries with the United States the hardest hit.” The average cost of a data breach incident for U.S. firms in 2018 was $7.91 million.
As Norton (What is a data breach?, 2020) states: “As technology progresses, more and more of our information has been moving to the digital world.” Margaret Rouse in a post on TechTarget (Rouse, n.d.) stated that “Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.” Rouse (Rouse, n.d.) went on to additionally say that “…data breach exposures include personal information, such as credit card numbers, Social Security numbers and healthcare histories, as well as corporate information, such as custom
Most data breaches occur in the banking industry, followed by the healthcare sector and the public sector, according to a 2019 Verizon Data Breach Investigations Report (DBIR). The study included incidents reported from Nov. 1, 2017 to Oct. 31, 2018, and was based on data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries.
While the big breaches make the headlines, the real bread and butter is made in everyday incidents that make money for most of the cyber criminals out there. Davey Windor (Windor, 2019), a Senior Contributor for Forbes who analyzes breaking cybersecurity and privacy stories, wrote that “Your average cyber-criminal is lazy and will scrape up any data exposed by running automated online scripts looking for unsecured databases.” He (Windor, 2019) went on to write that “Businesses of all sizes need to get their security act together, with the business sector accounting for 67% of the reported breaches and 84.6% of the exposed records according to the report.” He also goes on to write:
It doesn't take a genius to work out that something has gone very wrong as far as data security is concerned. Just scanning through the headlines on Forbes is confirmation enough of that: Popular Porn Site Breach Exposed 1.2 Million “Anonymous” User Profiles, CafePress Hacked, 23M Accounts Compromised. Is Yours One Of Them?, Lenovo Confirms 36TB Data Leak Security Vulnerability, 2 Billion Records Exposed In Massive Smart Home Device Breach and Here’s How 2.3 Billion Files And 11 Million Photos, ‘Private’ Ones Included, Were Exposed Online to name but a handful.
The following graphic from statista.com (CyberCrime, n.d.) shows the annual number of data breaches and exposed records in the United States from 2005 to 2018:
The following information from statista.com (CyberCrime, n.d.) shows the number of data breaches in the United States from 2013 to 2018 by industry.
Additionally, roughly 70% of cyber-attacks use a combination of hacking and phishing, and 63% of confirmed data breaches involved either weak, stolen, or default passwords (Phishing Box, n.d.). Once a valid user name and password are obtained and entered, the encryption and other protection that is in place just melts away. Maddie Rosenthal of TESSIAN (Rosenthal, 2020) stated that: “Phishing attacks aren’t a new threat. In fact, these scams have been circulating since the mid-90s.” She (Rosenthal, 2020) goes on to state that “…they’ve become more sophisticated, have targeted larger numbers of people, and have caused more harm to both individuals and organizations.” Furthermore, in 2020, despite the growing number of vendors offering anti-phishing solutions, phishing is a bigger problem than it ever was (Rosenthal, 2020). Rosenthal (Rosenthal, 2020) states that: “The problem is so big, in fact, that it’s hard to keep up with the latest facts and figures.”
Scott Ikeda of CPO MAGAZINE (Ikeda, 2019) wrote, citing Microsoft’s regular Security Intelligence Reports, which have been published at least annually since 2006, “…that phishing attacks are now by far the most frequent threat to the cyber landscape, increasing a massive 250% since the publication of the previous report.”
According to Data Journalist and Privacy Advocate Sam Cook of comparitech (Cook, 2020):
Attacks will increase in sophistication. According to Kaspersky, as companies catch up with patching security flaws, cybercriminals will be more limited in terms of malware delivery methods. However, this doesn’t necessarily mean we’ll see a decline in the prevalence of attacks, but rather that less sophisticated schemes will need to be replaced. Indeed, as discussed above, attackers are finding new and innovative ways to bypass detection and filtering measures.
There will be more focus on social engineering. Kaspersky predicts that “the focus on social engineering will increase as other types of attacks become more difficult to carry out.” With some exploit opportunities being closed, attackers may be forced to focus more on the human factor of phishing. Even with improved education and training, people will always represent a weak link in terms of security.
In addition to phishing attacks, Danny Palmer of ZDNet (Palmer, 2020) states: “Cyber criminals are increasingly bullying victims by threatening to leak data if they don’t pay – and the problem is likely going to get worse, say researchers.” He goes on to say (Palmer, 2020) that “while groups that steal covertly may not exfiltrate as much data as groups seeking to use it as leverage, they may well extract any data that has an obvious and significant market value or that can be used to attack other organizations.” He additionally states (Palmer, 2020) that:
Ransomware groups like those behind Maze and Sodinokibi have already shown they’ll go ahead and publish private information if they’re not paid and now now [sic] the tactic is becoming increasingly common, with over one in ten attacks now coming with blackmail in addition to extortion.
Camille Singleton, along with Christopher Kiefer and Ole Villadsen (Camille Singleton, 2020), states: “Ransomware is one of the most intractable – and common – threats facing organizations across all industries and geographies.” Not only is the number of attacks continuing to rise, but the threat actors are adjusting their attack models to adapt to improvements that organizations are making. She goes on to state (Camille Singleton, 2020) that:
For IBM Security X-Force, the importance of ransomware in 2020 is underscored by the heavy toll this attack type is taking on corporations worldwide. This toll is made heavier by increasing ransom demands and attacks that blend ransomware with data theft and extortion techniques.
Furthermore (Camille Singleton, 2020):
Ransomware attack methods in 2020 have in many ways put victims in a more difficult position than we have observed previously. Those using ransomware to extort victims have, over time, increased demands, rising to over $40 million in some cases. Blending attacks with extortion techniques, some ransomware targets companies’ most critical systems and processes.
References
- Camille Singleton, C. K. (2020, September 28). Ransomware 2020: Attack Trends Affecting Organizations Worldwide. Retrieved from Security Intelligence:
- Cook, S. (2020, July 3). Phishing statistics and facts for 2019–2020. Retrieved from
- CyberCrime. (n.d.). Retrieved from Statista: https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
- Ducklin, P. (2020, January 22). Big Microsoft data breach – 250 million records exposed. Retrieved from Naked Security by SOPHOS: https://nakedsecurity.sophos.com/2020/01/22/big-microsoft-data-breach-250-million-records-exposed/
- Ikeda, S. (2019, March 19). Phishing Attacks: Now More Common Than Malware. Retrieved from CPO MAGAZINE:
- McCarthy, N. (2018, July 13). The Average Cost Of A Data Breach Is Highest In The U.S. [Infographic]. Retrieved from Forbes: https://www.forbes.com/sites/niallmccarthy/2018/07/13/the-average-cost-of-a-data-breach-is-highest-in-the-u-s-infographic/#79a06152f373
- Risk Based Security. (2019, June 30). Retrieved from Risk Based Security: https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report
- Rouse, M. (n.d.). Definition. Retrieved from TechTarget: https://searchsecurity.techtarget.com/definition/data-breach
- Palmer, D. (2020, July 14). Ransomware warning: Now attacks are stealing data as well as encrypting it. Retrieved from ZDNet: https://www.zdnet.com/article/ransomwarewarning-now-attacks-are-stealing-data-as-well-as-encrypting-it/
- Unknown. (n.d.). Phishing Facts. Retrieved from Phishing Box:
- What is a data breach? (2020, January 23). Retrieved from Norton Web Site: https://us.norton.com/internetsecurity-privacy-data-breaches-what-you-need-to-know.html
- Windor, D. (2019, August 20). Data Breaches Expose 4.1 Billion Records In First Six Months Of 2019. Retrieved from Forbes: https://www.forbes.com/sites/daveywinder/2019/08/20/data-breaches-expose-41-billion-records-in-first-six-months-of-2019/#4c950ed0bd54