On average, data breaches cost businesses $3.86 million per incident globally, although they can cost some businesses hundreds of millions of dollars. They are quickly becoming one of the most pressing concerns of businesses around the world.
In short, data breaches are something that every business should be concerned about no matter their size. There are a number of different ways that data breaches occur as well as numerous ways to protect against them. The biggest threat to any individual business is going to vary from business to business, so it is important for every business to do a threat analysis to determine where their greatest vulnerabilities are and where to place their highest levels of security.
How Do Data Breaches Occur?
Data breaches can be the result of either internal or external threats. Here are just a few of the ways that data breaches can be achieved.
- System vulnerabilities: Most software companies are constantly updating their products to keep up with advancements in hardware capabilities. Some of these updates create unexpected vulnerabilities, however, that cybercriminals are constantly looking to exploit. When a cybercriminal discovers a vulnerability in any specific program, it makes every business that uses that software vulnerable. Software companies release security patches sometimes within minutes of a vulnerability being discovered, but they don't do a whole lot of good if businesses do not update their software and apply the patches.
In some cases, it is not the software that is vulnerable but third-party vendors that have access to your system and do not have the same level of security that you do. In fact, one of the largest data breaches in history, the Target data breach, was accomplished by exploiting a link between an HVAC company that had minimal security but direct access to Target's financial network. The security of your system is only as strong as the weakest security of all the systems tied into yours.
- Weak or stolen passwords: Every year SplashData compiles a list of the most commonly used passwords culled from the dark web. Every year, the passwords "password" and "123456" top the list, the same way they have for most of the last decade. Complicated passwords and frequent password changes force employees to write their passwords down, which they often store in insecure locations such as on the bottom of their keyboard, stapler or pencil cup. Reusing passwords also creates a serious problem, since many websites still store login information in plain text files. Hackers often target sites with minimal security, then use the same login credentials to break into sites with much higher security.
- Employee negligence: A study conducted by Keeper Security and the Ponemon Institute found that more than half of all SMBs surveyed had experienced a ransomware attack that year, with 79% of them being the result of a phishing or social engineering attack aimed at tricking employees into clicking on a malicious link. For this and other reasons, employee negligence continues to be the #1 cause of all security breaches.
Data Breach Prevention
Sadly, the majority of data breaches are painfully easy to prevent. While it is easy to blame employee negligence for the vast majority of data breaches, the truth is that many businesses have no comprehensive plan in place to deter employee negligence to begin with. In the same survey conducted by Keeper Security and the Ponemon Institute, 56% of IT professionals surveyed said they had no password policy in place, and among the 43% that did, 68% said they either did not strictly enforce their policy or were unsure if one even existed. Another 59% of respondents said they do not have visibility into their employees' password practices, which means they have no idea if their employees are actually creating unique or strong passwords or even keeping them secure.
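The password problems described above (common passwords, reuse, plain-text storage and policies that are never enforced) can be checked at the moment a password is set. The following is an added example, not code from this article or from the survey it cites; the function names, the 12-character minimum and the blocklist entries other than "password" and "123456" are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample blocklist; a real deployment would load a full list of
# commonly used and breached passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "111111"}
MIN_LENGTH = 12        # assumed policy value, not taken from the article
ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumed)


def hash_password(password, salt=None):
    """Return (salt, digest) so that no plaintext password is ever stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time check of a candidate against one stored (salt, digest)."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_new_password(password, username, history):
    """Return the list of policy violations; an empty list means accepted.

    history holds the user's previous (salt, digest) pairs.
    """
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password blocklist")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if any(matches(password, salt, digest) for salt, digest in history):
        problems.append("reuses a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample account with one earlier password on record.
    history = [hash_password("correct horse battery staple")]
    for candidate in ("123456", "correct horse battery staple",
                      "plum-anchor-violet-tram"):
        print(repr(candidate), check_new_password(candidate, "alice", history))
```

Because each stored digest has its own random salt, the reuse check works only against one user's own history; it cannot compare passwords across accounts, and neither can someone who steals the stored digests.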
While password protection alone is not enough to secure the most vulnerable data, it remains the first line of defense against most breaches. With the rise in mobile device usage, password protection is even more important. Mobile devices often store passwords and allow users to log on by simply using the device. Unfortunately, users who do not password-protect their devices or use biometric scanning to lock and unlock their devices create an even bigger security risk than those who use insecure passwords.
Setting software to update automatically will also prevent a number of potential threats, as will doing regular security checks with third-party vendors or anyone else who has access to your system. More than anything, simply establishing proper protocols will go a long way towards eliminating any number of threats, large and small. In many cases, data breaches occur simply because too many businesses have no real plan in place to even try to prevent them.
You cannot turn on the news without hearing about a data breach of one type or another. It seems that even large firms, including those trusted by millions to keep their private information secure, are falling victim to data breaches. In this post, we will explain what a data breach is, discuss common data breach methods, address some of the latest trends, and then provide information on how a business or an individual can protect themselves from a data breach.
Recent Large Scale Data Breaches
- Equifax Data Breach
- Marriott Starwood Hotel Data Breach
- Anthem Data Breach
- Experian Data Breach
- Yahoo Data Breach