Table of Contents
On January 26, 2021, Night Lion Security, a cybersecurity consulting firm, informed Astoria Company’s top management that they had a serious data breach on their hands. A hacking group calling themselves Shiny Hunters had listed a 300-million-user database for sale on a dark web forum.
The database was allegedly stolen from the Astoria Company, an advertising agency focused on lead generation, possessing the records of hundreds of millions of Americans. Most notably, the listing also included millions of Social Security numbers belonging to Astoria Company’s clients.
The breach was massive in both scale and severity. A deeper analysis showed that at least 10 million Astoria customers had their Social Security numbers, bank accounts, and driver’s license numbers exposed. In addition, millions of users had other information, such as their credit history, medical data, home, and vehicle information leaked.
The Astoria Company breach illustrates a dangerous new component of cybercrime and data breaches; the fact that cybercriminals have evolved their target selection and methods. Attacks have become more targeted and focused on huge datasets of extremely sensitive information that can be easily monetized through dark web markets.
The numbers support this assessment. RiskBased Security’s 2021 Mid-Year Data Breach QuickView Report revealed a 24% drop in data breaches so far. However, according to the latest data breach report by IBM and the Ponemon Institute, the average cost of a single data breach in 2021 has climbed to $4.24 million.
Additionally, the shift to remote working during the COVID-19 pandemic has increased the severity of data breaches. On average, data breaches involving remote workers as a factor were over $1 million more expensive.
In light of the constantly increasing cost of data breaches, let’s discuss what companies can do to reduce their exposure to cybercrime. We’ll cover what a data breach is, what businesses are especially vulnerable, what a potential breach could mean for your business, and what methods of prevention you should consider.
What Exactly Is a Data Breach?
A data breach refers to a security incident where an unauthorized person accesses confidential, sensitive, or protected information. Most organizations can be at risk of a data breach; from small one-person businesses to multinational enterprises. More worryingly, anyone sharing their sensitive information with these companies can also be exposed.
Data breaches can stem from a variety of sources. Criminals are employing increasingly sophisticated cyber attacks such as distributed denial of service (DDoS), malware, ransomware, and password crackers. Combating such attacks requires significant investment in cybersecurity and employing dedicated security professionals.
However, most data breaches don’t involve these carefully planned, sophisticated cyber attacks or advanced hacking software. They are typically caused by human error or mundane oversights by employees with access to sensitive data. While this doesn’t make them any less damaging, it does mean that good, old-fashioned employee training and awareness initiatives may have a profound impact on the state of your organization’s cybersecurity.
Identifying Your Data Exposures
The first step towards keeping your sensitive data safe is identifying what is considered to be sensitive data. Cybercriminals will target the non-public personal information (NPI) and personally identifiable information (PII) stored on your networks because it can be most easily sold and monetized.
NPI includes the following user/client information:
- Social Security numbers
- Driver’s license numbers
- Account numbers
- Credit card and payment history
- Loans or bank deposit information
- Court records
PII includes all of the data above, plus additional forms such as:
- Web aliases and nicknames
- Unique Personal Identifiers
- IP Address
- Email Address
- Account names
- Non-Public Personal Property Records
- Biometric information
- Any internet activity
- GPS information
- Data related to employment and education
In short, a considerable percentage of the information a company collects from its users needs to be protected, as it’s potentially valuable to cybercriminals.
Once you’ve compiled a list of what needs to be protected, the next step is to identify where that information is stored, transmitted, and processed so you can properly protect those areas.
Locating and categorizing all the folders, logs, files, virtual machines, and on-premise servers that are involved with or store sensitive information will help you create a plan for properly protecting from a data breach.
The final step in the identification process is determining who has access to your sensitive data. While this may seem like a straightforward task, keep in mind that there are several “levels” of users that will have access to varying degrees of confidential data.
Not only can your “standard” users (employees, contractors, etc.) be compromised, but you also need to consider what could happen if users with special privileges, such as network administrators, are successfully targeted by cybercriminals. Also, from the standpoint of cybersecurity, varying machine “identities” such as APIs, software updaters, and SSL certificates that have access to your networks and data can be seen as users.
Additionally, keep in mind that you’ll have to account for every device that each user will use to access your networks, as they can be used as a Trojan horse to breach your systems. Almost any device your company uses can be a vulnerability; personal computers, smartphones, laptops, phones, printers, IoT tools, hubs, modems, network adapters, and more. Cybercriminals will look for exposed devices so they can gain illegal access to your data. This means that you need to know what devices your employees use so that you can secure them.
Once you are able to identify what data you’re trying to protect, where it’s stored and processed, and who has access to it, you’ll be able to better implement effective policies and methods to prevent data breaches.
Data Breach Prevention Methods
There are several common tactics criminals use to steal data, and even though their methods and attack patterns have evolved, the basic principles still hold, simply because they remain effective. One might choose to think of them as criminal classics; time-tested and continually effective.
Business owners that want to prevent data breaches will need to familiarize themselves with these tactics and take the necessary precautions to avoid becoming yet another victim of cybercrime. Let’s discuss these tactics and what you can do to protect your data from them:
Weak or Stolen Passwords
In many cases, cybercriminals don’t need to work hard to compromise your data – all they need is for an employee to be careless with their credentials. This can happen if they use a weak password that’s easy to guess or keep their passwords in an accessible location – either physically or digitally.
This is why a password creation and management policy is a crucial component of cybersecurity. When establishing your policy, you should ensure that it complies with suggested best practices, such as the password should have more than ten characters containing at least one upper-case letter, one number, and one special character. You may also want to consider purchasing a password management program for your company so that your passwords are both more unique and kept safe.
Phishing is a form of social engineering that is carried out with the intention of gaining illicit access to restricted information such as login credentials, bank accounts, or credit card numbers. Phishing relies on creating a sense of urgency and pressure from superiors or official entities to get your employees to willingly provide sensitive information by faking emails, online chat clients, or impostor websites.
Preventing phishing is all about employee training and following cybersecurity procedures. Your employees will need to get in the habit of carefully examining any links and attachments contained in the emails they receive.
Ransomware is a type of attack in which sophisticated malware is used to capture or block your devices or networks and then force you to pay a ransom to get them back. The malware is typically spread through phishing attacks or network vulnerabilities.
To prevent data breaches caused by ransomware, it’s crucial to have up-to-date anti-malware software and firewalls. Antivirus and antimalware software offer the first line of defense and the majority of attacks will never get past it. If an attack does get through, having a strong data backup policy, with well-protected online and offline backup points, will help thwart cybercriminals attempting to obtain and hold your data hostage. Additionally, as ransomware attacks often rely on human error to be successful, employee training and education are once again essential components of keeping your data safe.
How Insurance Can Help
Given how costly and frequent data breaches are, most businesses should consider investing in a cyber insurance policy with a data breach coverage inclusion. A cyber liability insurance policy will enable your businesses to transfer the potential risks and costs associated with data breaches and recovery from them to the insurer.
Cyber insurance is a crucial part of any data breach response for two reasons: it will not only cover your losses caused by the breach, but it can also give you access to better cybersecurity experts provided by the insurer before any breach occurs.
Each policy will essentially have two types of coverage: first-party and third-party. First-party cyber liability insurance will pay for the losses your company suffers due to a data breach and help you get your systems and networks back online. Third-party cyber insurance will cover defense costs and settlements in the event that someone outside your business is affected by the breach and decides to sue you for damages.
A cyber insurance policy can be seen as the last line of defense that can turn a disastrous data breach into a minor inconvenience. If you’d like to know more about your insurance options and need help determining what coverage your business needs to be properly protected from data breaches, feel free to reach out to one of our expert brokers at any time.
Practice good work-from-home cybersecurity hygiene to keep yourself, your family, and your employees safe. Learn more by reading our tips.