The Problem

Software that protects sensitive data before and during a breach.

The Problem White Paper The Solution Value Contact Us
Spacer

Companies both large and small are subject to database breaches. These breaches can not only result in companies having to pay out legal settlements, government fines, bad publicity and loss of consumer confidence. But they can slow a company’s sales for years. A large corporation may be able to survive a series of bad years. But smaller firms, or ones in a very competitive market, may be forced out of the market.


Why Companies Need to Consider Our Software


Norton (What is a data breach?, 2020) defines a data breach as “…a security incident in which information is accessed without authorization.” Data breaches can be costly, and they can significantly hurt individual consumers and businesses of all sizes. As Norton (What is a data breach?, 2020) states: “They are a costly expense that can damage lives and reputations and take time to repair.”

According to Niall McCarthy (McCarthy, 2018), a Data journalist covering technological, societal, and media topics for Forbes: “…the impact of a data breach on an organization averages $3.86 million, though more serious ‘mega breaches’ can cost hundreds of millions of dollars.” McCarthy (McCarthy, 2018) also went on to site a study conducted by IBM in 2018 that interviewed more than 2,200 IT and data protection and compliance professionals from 477 companies and it found that “On average, each record costs $148 and a breach of 1 million records costs $40 million while a breach of 50 million costs $350 million.” He also went on to write (McCarthy, 2018) that the “Average total costs of a data breach also varied heavily between countries with the United States the hardest hit.” An average incident cost of a data breach on U.S. firms in 2018 was $7.91 million.

As Norton (What is a data breach?, 2020) states: “As technology progresses, more and more of our information has been moving to the digital world.” Margaret Rouse in a post on TechTarget (Rouse, n.d.) stated that “Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property.” Rouse (Rouse, n.d.) went on to additionally say that “…data breach exposures include personal information, such as credit card numbers, Social Security numbers and healthcare histories, as well as corporate information, such as custom

Most data breaches occur in the banking industry, followed by the healthcare sector and the public sector, according to a 2019 Verizon Data Breach Investigations Report (DBIR). The study included incidents reported from Nov. 1, 2017 to Oct. 31, 2018, and was based on data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries.

While the big breaches make the headlines, the real bread and butter is made in everyday incidents that make money for most of the cyber criminals out there. Davey Windor (Windor, 2019), a Senior Contributor for Forbes who analyzes breaking cybersecurity and privacy stories, wrote that “Your average cyber-criminal is lazy and will scrape up any data exposed by running automated online scripts looking for unsecured databases.” He (Windor, 2019) went on to write that “Businesses of all sizes need to get their security act together, with the business sector accounting for 67% of the reported breaches and 84.6% of the exposed records according to the report.” He also goes on to write:

It doesn't take a genius to work out that something has gone very wrong as far as data security is concerned. Just scanning through the headlines on Forbes is confirmation enough of that: Popular Porn Site Breach Exposed 1.2 Million “Anonymous” User Profiles, CafePress Hacked, 23M Accounts Compromised. Is Yours One Of Them?, Lenovo Confirms 36TB Data Leak Security Vulnerability, 2 Billion Records Exposed In Massive Smart Home Device Breach and Here’s How 2.3 Billion Files And 11 Million Photos, ‘Private’ Ones Included, Were Exposed Online to name but a handful.

The following graphic from statista.com (CyberCrime, n.d.) shows the annual number of data breaches and exposed records in the United States from 2005 to 2018:

Graphic Stats

The following information from statista.com (CyberCrime, n.d.) shows the number of data breaches in the United States from 2013 to 2018 by industry.

Stat Table

Additionally, roughly 70% of cyber-attacks use a combination of hacking and phishing and 63% of confirmed data breaches involved either weak, stolen, or default passwords (Phishing Box, n.d.). Once a valid user name and password are obtained and entered, the encryption and other protection that is in place just melts away. Maddie Rosenthal of TESSIAN (Rosenthal, 2020) stated that: “Phishing attacks aren’t a new threat. In fact, these scams have been circulating since the mid-90s.” She (Rosenthal, 2020) goes on to state that “…they’ve become more sophisticated, have targeted larger numbers of people, and have caused more harm to both individuals and organizations.” Furthermore, that means that in 2020, despite the fact that there are a growing number of vendors offering anti-phishing solutions, phishing is a bigger problem now, then it ever was (Rosenthal, 2020). Rosenthal (Rosenthal, 2020) states that: “The problem is so big, in fact, that it’s hard to keep up with the latest facts and figures.”

Scott Ikeda of CPO MAGAZINE (Ikeda, 2019) stated that according to Microsoft’s regular Security Intelligence Reports that are published at least annually since 2006, “…that phishing attacks are now by far the most frequent threat to the cyber landscape, increasing a massive 250% since the publication of the previous report.”

According to Data Journalist and Privacy Advocate Sam Cook of comparitech (Cook, 2020):

Attacks will increase in sophistication. According to Kaspersky, as companies catch up with patching security flaws, cybercriminals will be more limited in terms of malware delivery methods. However, this doesn’t necessarily mean we’ll see a decline in the prevalence of attacks, but rather that less sophisticated schemes will need to be replaced. Indeed, as discussed above, attackers are finding new and innovative ways to bypass detection and filtering measures.
There will be more focus on social engineering. Kaspersky predicts that “the focus on social engineering will increase as other types of attacks become more difficult to carry out.” With some exploit opportunities being closed, attackers may be forced to focus more on the human factor of phishing. Even with improved education and training, people will always represent a weak link in terms of security.

In addition to Phishing attacks, Danny Palmer of ZDNet (Palmer, 2020) states: “Cyber criminals are increasingly bullying victims by threatening to leak data if they don’t pay –and the problem is likely going to get worse, say researchers.” He goes on to further say (Palmer, 2020), that “while groups that steal covertly may not exfiltrate as much data as groups seeking to use it as leverage, they may well extract any data that has an obvious and significant market value or that can be used to attack other organizations.” Additionally, (Palmer, 2020), he goes on to state that:

Ransomware groups like those behind Maze and Sodinokibi have already shown they’ll go ahead and publish private information if they’re not paid and now now [sic] the tactic is becoming increasingly common, with over one in ten attacks now coming with blackmail in addition to extortion.

Camille Singleton, along with Christopher Kiefer and Ole Villadsen (Camille Singleton, 2020) states: “Ransonware is one of the most intractable – and common – threats facing organizations across all industries and geographies.” Not only are the number of attacks continuing to rise, but the threat actors are adjusting their attack models to adapt to improvements that organizations are making. She goes on to state (Camille Singleton, 2020) that:

For IBM Security X-Force, the importance of ransomware in 2020 is underscored by the heavy toll this attack type is taking on corporations worldwide. This toll is made heavier by increasing ransom demands and attacks that blend ransomware with data theft and extortion techniques.

Furthermore (Camille Singleton, 2020):

Ransomware attack methods in 2020 have in many ways put victims in a more difficult position than we have observed previously. Those using ransomware to extort victims have, over time, increased demands, rising to over $40 million in some cases. Blending attacks with extortion techniques, some ransomware targets companies’ most critical systems and processes.

Works Cited

"73% of black hat hackers said traditional
firewall and antivirus security is irrelevant
or obsolete."

Source: Thycotic.com
From the WebFX Team, how much cyberattacks actually cost. (WebFX Blog)

  1. A DDoS attack costs $38 per hour to launch.

  2. An attack costs $40,000 per hour to victims.

  3. Cyberattacks cost companies around the world $7.7 million per year.

  4. Cyberattacks cost US companies $15.4 million per year.

  5. Every year, America loses 500,000 jobs to cyberattacks.

  6. More than 50% of cyberattacks are on US companies.

  7. Total annual damage to US economy: $100 billion (0.6% GDP).



Microsoft.com
LifeLock and Norton Google
Amazon
SQL Server Joel Osteen Ministries MySQL LifeLock and Norton
Mother of Perpetual Help Our Lady of Guadalupe Patron Saint of the Internet The Miracle Prayer
Prayer for Forgotten Soul Mayo Clinic National Breast Cancer Foundation, INC. Biz Buy Sell

St. Jude, glorious Apostle, faithful servant and friend of Jesus, Patron of things despaired of; pray for us. Amen.

Please pray for all those who have been, who are, or will be affected by COVID-19.

February 12th, 2020