In 2017, 551 data breaches were reported that affected US citizens. Analyzing the circumstances around them gives us valuable insight into the importance of businesses protecting their customer data in the future.
Your Healthcare Data is Valuable
The healthcare industry was the most affected by data leaks in 2017, with 328 disclosed breaches. A number of factors contributed to this, but as Chris Carter from Approyo says, the most significant is the high value of data.
“Cyber crooks target health firms due to the sheer quality of data, all your personal and company data in one place for them to perpetrate fraud in one location.”
The added layers of data that the healthcare industry collects paint a bigger target on its back than on any other industry's. The likes of Retail and Finance are also high on the list of potential targets, as payment information offers quick wins for hackers looking to commit fraud.
The ease with which we transfer our personal data to businesses leaves them with bigger farms of data to protect, and hackers with greater incentives. Technology companies, which hold a large proportion of this data, saw 1.7 billion records compromised in 2017.
The Cost is Too High to Ignore
Cost is often cited as a significant reason for not investing properly in securing company data, particularly for smaller organizations. But looking at the figures, the cost of a breach is not worth the risk to a business of any size.
Data breaches cost US businesses an estimated $1.9 billion in 2017. The 2017 Ponemon Cost of Data Breach study placed the average cost at $3.62 million per breach last year.
Couple this with the damage a breach can do to a company’s reputation, something which can take much longer to repair, and the risks of not investing in cybersecurity are too great to ignore.
Small Businesses Are Now a Target
One of the largest shifts in cybersecurity in 2017 was a re-focusing on the size of businesses that are regularly targeted.
Small businesses are being increasingly targeted by hackers looking for modest but more regular wins. Smaller businesses often lack the capital and expertise to properly protect their customer data, leaving greater weaknesses in their systems for hackers to exploit.
“As larger organizations take additional steps to protect their data, cybercriminals will turn their focus towards stealing data from ‘smaller’ targets,” confirmed Will Quick from law firm Brooks Pierce.
A number of industries include businesses that, despite their relative size and the high value of stored data, still only pump moderate budgets into cybersecurity. Non-profit organizations (6 breaches in 2017) will prioritize funneling all their money into their chosen cause; many healthcare offices are run like small businesses despite the value of their data.
This leads to paltry cybersecurity budgets, and hackers know it. One example comes from the Retail industry, where Spiral Toys saw 2 million reported records compromised.
People Are a Big Problem
When locating the biggest flaws in many businesses’ cybersecurity systems, Carter says you only have to look as far as the people involved.
“People are the weakest link and most people don’t know how to protect themselves or the companies they work for.”
27% of disclosed data leaks in 2017 were down to an unintended disclosure. Examples include health data passed over to the wrong patient, or a cloud server being misconfigured to allow public access. Simple human error causes a significant chunk of data breaches, emphasizing the need for businesses to train their staff in best practice and increase awareness of the level of risk.
Just through being more vigilant and following more stringent security processes, data leaks could be reduced by a quarter. Couple this with simple security measures like safer password creation and two-step authentication, and the risk of data leaks to businesses could fall significantly.
It Could Get Worse in 2018
There are currently no indications that hacking is on the decline, with 2018 forecast to have an increase in the number of leaked files when compared to 2017.
The sophistication of phishing scams is improving all the time, and it’s this field of cybercrime that’s expected to carry the biggest danger in the future.
Asked which areas of cybersecurity businesses need to invest the most resources into, Pieter Vaniperen from CodeDefenders highlighted the need for a change in culture.
“Training, training, and more training. Businesses need to treat cybersecurity as a shared responsibility that is part of everyone’s duties and failing to do your part has repercussions for you.”
Alongside it, you’ll need to ensure that responsibility for cybersecurity lies with every member of staff, not just a select few.