We recently published a checklist of the Top 5 Reasons You Should Outsource Your IT Security Now after the news broke that Exactis had a major security breach.
I had been catching up on Twitter when I saw the news of the breach. However, before I could click on the link, my Twitter feed jumped and I didn’t catch the details of the attack. So I did a quick search, and the results were overwhelming. I hadn’t caught the name of the company and when you search the news for “security breach” good news is nowhere to be found. Here is a sampling of what I did find:
1. From CSO Online: Biggest Data Breaches of the 21st Century. https://www.csoonline.com/article/2130877/data-breach/the-biggest-data-breaches-of-the-21st-century.html
While they go into specifics, they posted this summary graphic. Yes, that says BILLIONS!
2. From Identity Force: 2018 Data Breaches The Worst So Far. https://www.identityforce.com/blog/2018-data-breaches
These guys keep a running list of 2018 Data Breaches, and the list is scary. They also shared a statistic from the Identity Theft Resource Center (ITRC) that in 2017 there were a total of 1,293 data breaches that compromised 174 million records in the US also! That is 2016 more than the previous year. Worse? 2018 is continuing this trend.
3. From Forbes: Security Breaches, Motivated By Money First https://www.forbes.com/sites/louiscolumbus/2018/05/15/76-of-it-security-breaches-are-motivated-by-money-first/#61f33d86199e
They shared some of the most interesting insights from the 11th Edition of Verizon’s 2018 Data Breach Investigations report which included things like:
- 76% of breaches are financially motivated, and 68% took months or longer to discover.
- 58% of security breach victims are small businesses, the largest segment overall.
But the most frightening, when I picture employees making errors, is that most end-users are unaware they are doing something that causes a data breach. In fact, according to the study:
- System Admins (!) are the top internal actors responsible for the breaches 25.9% of the time.
And back to the breach I was searching for: An exposed database at data broker Exactis exposed nearly 340 million records amounting to around two terabytes of information. Both from a business perspective and as a consumer, frequently making online purchases and transactions, this is concerning. In the article I read, I hoped that the silver lining to this breach would be stricter policies in North America, similar to GDPR in Europe. While policy and the threat of fines being great, you would think that would be incentive enough, but clearly it hasn’t been.
Data security for business today is complex and increasingly difficult. Motivated by money, nefarious people are after your data and will capitalize on any vulnerabilities you may have across your entire footprint. However, with more data, more end-points, more access and a more mobile workforce, even without malintent, data breaches can happen unknowingly or on accident by your own employees. Don’t become complacent, be diligent in the review and updates to your security practice to say current and aligned with the ever changing security landscape. Data security not only protects your data, it protects your brand reputation and your pocketbook.
If you have questions about your IT Security, give us a call to be connected with one of our security experts today.