AN ORGANIZATION'S NIGHTMARE:
DATA BREACH
In
recent years, data breaches have increased significantly. New ways of data
breaches are discovered every year, and millions of incidents are reported. The
best way to protect your data is to stay up to date on the latest data theft
techniques.
Business of all sizes have become increasingly dependent on digital
data, cloud computing, and workforce mobility, resulting in widespread
attention to data breaches. Data from a company is stored on local machines, in
enterprise databases, and on cloud servers, so breaching a company's data is as
simple - or complex - as gaining access to restricted networks.
Companies did not start experiencing data breaches when they began
storing their protected data in digital form. Data breaches have existed for as
long as individual and corporate records have been kept and private information
stored. In the days before computing became prevalent, a data breach could be
something as simple as viewing an individual's medical records without
authorization or discovering discarded sensitive documents. Despite this, there
were more publicly-disclosed data breaches in the 1980s, and in the 1990s and
early 2000s, public awareness of the potential for breaches increased.
Companies and organizations handling sensitive consumer information are
provided with guidelines through laws and regulations such as HIPAA and the PCI
Data Security Standard. Although these regulations set up the standards for
safeguarding, storing, and using sensitive information, they don't apply to all
industries, nor can they prevent data breaches in all cases.
The majority of information about data breaches is from 2005 to the
present. The reason for this is due to the rapid advancement of technology and
proliferation of electronic data throughout the world, giving both businesses
and consumers a concern about data breaches. Almost all data breaches today
affect hundreds of thousands - if not millions - of individuals and even more
records, all from one attack on a single company.
Data loss or leaks in large organizations occur most often as a result
of hacking, negligence, or a combination of both. However, there are a few
other types of data loss and/or corruption that would be considered breaches.
Let's take a look at four additional types of breaches.
FOLLOWING
ARE THE 4 COMMON TYPES OF DATA BREACHES:
Ransomware is malicious software
that steals access to vital data (e.g., files, systems) and locks down those
access points. Businesses are the most common targets of these attacks. Locked
down files and/or systems are demanded with the use of cryptocurrencies (most
often Bitcoin).
Malware is software that damages computer files or systems. Often,
malicious code masquerades as a warning against malicious programs in an effort
to convince users to download the very program types mentioned in the
"warning" message.
Phishing is when someone or
something poses as a trustworthy, reputable entity in an attempt to collect
sensitive data (typically banking or highly personal details). It is not only
the Internet that is subject to these attacks. Typical phishing scams use the
following methods:
- Browser pop-ups
- An email attached to a link
- Pretending to be a representative of a
reputable company
A
denial-of-service (DoS) attack prevents users from accessing websites and
webpages. It's known as a distributed denial-of-service (DDoS) when it happens
at large scale. Certain large-scale attacks can cause the disruption of many
online services in certain regions. Among the largest DDoS attacks on record is
the 2016 attack on Dyn, which rendered a significant portion of Eastern U.S.
Internet access virtually unusable for several hours. GitHub was the
victim of the largest and most recent DDoS attack in February of 2018.
A GREATER
NUMBER AND A GREATER IMPACT : DATA BREACHES
There have been attempts by experts and other media outlets to identify
the largest data breaches in history. The number of cyber attacks is on the
rise, according to Statista, which measures US data breaches and records
exposed since 2005. 157 data breaches were reported in the U.S. in 2005,
with 66.9 million records exposed. Almost 85.61 million records were exposed in
2014, a four-fold increase from 2005. The number of reported breaches more than
doubled in three years to 1,579 in 2017. These are Statista's numbers, which
are somewhat conservative in comparison with Verizon's data breach report or
other industry standards.
Although the trend is not constant, it was down from 656 breaches in
2008 to 498 in 2009. However, the number of records exposed has increased
sharply since 2008, rising from 35.7 million to 222.5 million in 2009. The
figures indicate that despite fewer breaches, the breaches themselves were
larger, exposing more records per breach even though fewer breaches occurred
overall.
The number of data breaches reported between 2010 and 2011 also
decreased by 662 in 2010, and by 419 in 2011. However, the number of data
breaches reported in the United States has steadily increased since 2011:
- 614 data breaches reported in 2013 and 783 in
2014 while 1,093 data breaches reported in 2016 followed by 1,579 data
breaches reported in 2017.
Forbes
reports that there have been over 300 data breaches over the past decade,
resulting in 100,000 or more records being stolen. These are only a few of the
data breaches that were publicly reported.
THE BIGGEST DATA BREACH IN HISTORY
One of the three major credit reporting agencies,
Experian, was indirectly involved in the largest data breach in history. The
company acquired Court Ventures, which aggregates public records and gathers
information, in March 2012. As part of the acquisition, Court Ventures acquired
a company called U.S.A Info Search. Customers of U.S.A Info Search were able to
access the data of the company to find addresses that they could use to
determine which court records they needed to review.
In addition, Court Ventures sold information to a
Vietnamese fraudster service, which then provided its own customers with access
to American personal information, including financial information and Social
Security numbers, which was then used to commit identity theft in many cases.
Following the acquisition of Court Ventures by
Experian, the U.S.A Secret Service notified us that Court Ventures had been and
was continuing to resell data from a U.S.A Info Search database to a third party,
possibly engaged in illegal activity. Court Ventures facilitated the access to
U.S.A Info Search's databases, which were obtained before Experian acquired the
company." Experian maintains that no Experian databases were breached;
U.S.A Info Search's databases contained the consumer information.
It is reported that 200 million records have been
compromised in this breach, which lasted for more than 10 months after Experian
acquired Court Ventures. However, DataBreaches.net reports that 200 million
records represent the number of records that were initially exposed, not the
actual number of records exposed.
No comments:
Post a Comment