Wednesday, October 27, 2021

AWARE OF 'DATA BREACH' IN DIGITAL INDUSTRIES

 

AN ORGANIZATION'S NIGHTMARE: DATA BREACH

 

In recent years, data breaches have increased significantly. New ways of data breaches are discovered every year, and millions of incidents are reported. The best way to protect your data is to stay up to date on the latest data theft techniques.




Business of all sizes have become increasingly dependent on digital data, cloud computing, and workforce mobility, resulting in widespread attention to data breaches. Data from a company is stored on local machines, in enterprise databases, and on cloud servers, so breaching a company's data is as simple - or complex - as gaining access to restricted networks.

Companies did not start experiencing data breaches when they began storing their protected data in digital form. Data breaches have existed for as long as individual and corporate records have been kept and private information stored. In the days before computing became prevalent, a data breach could be something as simple as viewing an individual's medical records without authorization or discovering discarded sensitive documents. Despite this, there were more publicly-disclosed data breaches in the 1980s, and in the 1990s and early 2000s, public awareness of the potential for breaches increased.


Companies and organizations handling sensitive consumer information are provided with guidelines through laws and regulations such as HIPAA and the PCI Data Security Standard. Although these regulations set up the standards for safeguarding, storing, and using sensitive information, they don't apply to all industries, nor can they prevent data breaches in all cases.

The majority of information about data breaches is from 2005 to the present. The reason for this is due to the rapid advancement of technology and proliferation of electronic data throughout the world, giving both businesses and consumers a concern about data breaches. Almost all data breaches today affect hundreds of thousands - if not millions - of individuals and even more records, all from one attack on a single company.

Data loss or leaks in large organizations occur most often as a result of hacking, negligence, or a combination of both. However, there are a few other types of data loss and/or corruption that would be considered breaches. Let's take a look at four additional types of breaches.

FOLLOWING ARE THE 4 COMMON TYPES OF DATA BREACHES:

Ransomware is malicious software that steals access to vital data (e.g., files, systems) and locks down those access points. Businesses are the most common targets of these attacks. Locked down files and/or systems are demanded with the use of cryptocurrencies (most often Bitcoin).

Malware is software that damages computer files or systems. Often, malicious code masquerades as a warning against malicious programs in an effort to convince users to download the very program types mentioned in the "warning" message.

Phishing is when someone or something poses as a trustworthy, reputable entity in an attempt to collect sensitive data (typically banking or highly personal details). It is not only the Internet that is subject to these attacks. Typical phishing scams use the following methods:

  • Browser pop-ups
  • An email attached to a link
  • Pretending to be a representative of a reputable company

A denial-of-service (DoS) attack prevents users from accessing websites and webpages. It's known as a distributed denial-of-service (DDoS) when it happens at large scale. Certain large-scale attacks can cause the disruption of many online services in certain regions. Among the largest DDoS attacks on record is the 2016 attack on Dyn, which rendered a significant portion of Eastern U.S. Internet access virtually unusable for several hours. GitHub was the victim of the largest and most recent DDoS attack in February of 2018.

A GREATER NUMBER AND A GREATER IMPACT : DATA BREACHES

There have been attempts by experts and other media outlets to identify the largest data breaches in history. The number of cyber attacks is on the rise, according to Statista, which measures US data breaches and records exposed since 2005. 157 data breaches were reported in the U.S. in 2005, with 66.9 million records exposed. Almost 85.61 million records were exposed in 2014, a four-fold increase from 2005. The number of reported breaches more than doubled in three years to 1,579 in 2017. These are Statista's numbers, which are somewhat conservative in comparison with Verizon's data breach report or other industry standards.

Although the trend is not constant, it was down from 656 breaches in 2008 to 498 in 2009. However, the number of records exposed has increased sharply since 2008, rising from 35.7 million to 222.5 million in 2009. The figures indicate that despite fewer breaches, the breaches themselves were larger, exposing more records per breach even though fewer breaches occurred overall.

The number of data breaches reported between 2010 and 2011 also decreased by 662 in 2010, and by 419 in 2011. However, the number of data breaches reported in the United States has steadily increased since 2011:

  • 614 data breaches reported in 2013 and 783 in 2014 while 1,093 data breaches reported in 2016 followed by 1,579 data breaches reported in 2017.

Forbes reports that there have been over 300 data breaches over the past decade, resulting in 100,000 or more records being stolen. These are only a few of the data breaches that were publicly reported.

 

THE BIGGEST DATA BREACH IN HISTORY

One of the three major credit reporting agencies, Experian, was indirectly involved in the largest data breach in history. The company acquired Court Ventures, which aggregates public records and gathers information, in March 2012. As part of the acquisition, Court Ventures acquired a company called U.S.A Info Search. Customers of U.S.A Info Search were able to access the data of the company to find addresses that they could use to determine which court records they needed to review.

In addition, Court Ventures sold information to a Vietnamese fraudster service, which then provided its own customers with access to American personal information, including financial information and Social Security numbers, which was then used to commit identity theft in many cases.

Following the acquisition of Court Ventures by Experian, the U.S.A Secret Service notified us that Court Ventures had been and was continuing to resell data from a U.S.A Info Search database to a third party, possibly engaged in illegal activity. Court Ventures facilitated the access to U.S.A Info Search's databases, which were obtained before Experian acquired the company." Experian maintains that no Experian databases were breached; U.S.A Info Search's databases contained the consumer information.

It is reported that 200 million records have been compromised in this breach, which lasted for more than 10 months after Experian acquired Court Ventures. However, DataBreaches.net reports that 200 million records represent the number of records that were initially exposed, not the actual number of records exposed.

No comments:

Post a Comment