THE DATA BREACHES REPORT: The strategies companies are using to protect their customers, and themselves, in the age of massive breaches
Over the past five years, the world has seen a seemingly unending series of high-profile data breaches, defined as incidents in which unauthorized parties access and retrieve sensitive, secure, or private data.
Major incidents, like the 2013 Yahoo breach, which impacted all 3 million of the tech giant's customers, and the more recent Equifax breach, which exposed the information of at least 143 million US adults, has kept this risk, and these threats, at the forefront for both businesses and consumers. And businesses have good reason to be concerned - of organizations breached, 22% lost customers, 29% lost revenue, and 23% lost business opportunities.
This threat isn't going anywhere. Each of the past five years has seen, on average, 1,704 security incidents, impacting nearly 2 billion records. And hackers could be getting more efficient, using new technological tools to extract more data in fewer breach attempts. That's making the security threat an industry-agnostic for any business holding sensitive data - at this point, virtually all companies - and therefore a necessity for firms to address proactively and prepare to react to.
The majority of breaches come from the outside, when a malicious actor is usually seeking access to records for financial gain, and tend to leverage malware or other software and hardware-related tools to access records. But they can come internally, as well as from accidents perpetrated by employees, like lost or stolen records or devices.
That means that firms need to have a broad-ranging plan in place, focusing on preventing breaches, detecting them quickly, and resolving and responding to them in the best possible way. That involves understanding protectable assets, ensuring compliance, and training employees, but also protecting data, investing in software to understand what normal and abnormal performance looks like, training employees, and building a response plan to mitigate as much damage as possible when the inevitable does occur.
Business Insider Intelligence, Business Insider's premium research service, has put together a detailed report on the data breach threat, who and what companies need to protect themselves from, and how they can most effectively do so from a technological and organizational perspective.
Here are some key takeaways from the report:
- The breach threat isn't going anywhere. The number of overall breaches isn't consistent - it soared from 2013 to 2016, but ticked down slightly last year - but hackers might be becoming better at obtaining more records with less work, which magnifies risk.
- The majority of breaches come from the outside, and leverage software and hardware attacks, like malware, web app attacks, point-of-service (POS) intrusion, and card skimmers.
- Firms need to build a strong front door to prevent as many breaches as possible, but they also need to develop institutional knowledge to detect a breach quickly, and plan for how to resolve and respond to it in order to limit damage - both financial and subjective - as effectively as possible.
In full, the report:
- Explains the scope of the breach threat, by industry and year, and identifies the top attacks.
- Identifies leading perpetrators and causes of breaches.
- Addresses strategies to cope with the threat in three key areas: prevention, detection, and resolution and response.
- Issues recommendations from both a technological and organizational perspective in each of these categories so that companies can avoid the fallout that a data breach can bring.