Many cybersecurity experts identify 2020 to be the turning point for data breaches and total cyberattacks. Data breaches skyrocketed last year with 31 billion records compromised in a span of just 12 months, according to Canalys. This means a shocking 171% increase from the previous year. According to ZDNet, since 2005, a total of 55 billion data records have been compromised — well over half of that total occurring just last year. Understanding how data breaches are evolving can help you prepare for what is to come and what it means for your business, regardless of your industry.
The Race to Digitize Increasing Data Breaches
In an attempt to keep up with the competition, businesses have remained focused on increasing their digital presence over the past few years. With this focus on going digital, many businesses have ignored the threats that come with this move. To avoid an unexpected attack on your network in the move to an online presence, it’s best to stay aware of the threats related to cybersecurity, understanding that any business has the ability to be a victim of a data breach.
The COVID-19 pandemic has laid the perfect foundation for hackers to take advantage of businesses and their data. Although, the pandemic only helped accelerate the growing data breach issues that were previously occurring. Compromised data records saw an increase of 200% in 2019 alone, according to ZDNet. In 2020, working from home has called for more businesses to move data online and offsite from brick-and-mortar locations. Remote work not only challenged businesses on data distribution concerns, but employees working from different locations make it more difficult in spotting where cyberattacks originate from. IBM Security found that 76% of organizations felt that remote work in response to the pandemic would challenge the response to any cyberattack that occurred. Data uncontained and accessed through multiple networks has allowed hackers to enter databases with more ease.
Data Breaches Across Industries
The medical industry has historically taken the hardest hit. A report from Verizon confirms the medical industry has seen a 58% increase in data breaches just this past year. Cloud computing can be a wonderful option for business data storage, but a recent data breach concerning Blackbaud demonstrates how data protection isn’t always guaranteed. Blackbaud, a cloud computing vendor hosting a variety of different clients in different industries, including the medical industry, fell victim to a data breach attack in 2020, according to Health IT Security. The hackers stole sensitive data from donors, patients and a number of other individuals related to the organizations. The speculated information stolen during this data breach included email addresses, bank account information, social security numbers, as well as access to usernames and passwords.
With this increase in data breaches comes an increase in costs relating to the attacks. Medical entities incur the highest costs at $7.13 million across the industry according to IBM Security. Within the span of this report, this cost increased 10%, and cybersecurity experts only expect this number to rise.
Not all industries saw a complete increase in costs related to data breach spending. In fact, 13 out of the 17 industries in this report saw a decline in average cost, with media, hospitality, public sector and education being among the industries with the steepest declines. The cybersecurity threats are just as strong in these industries though.
One of the most notable data breaches from last year was the incident with SolarWinds. According to CNet, around 18,000 government and private networks using IT management services at SolarWinds were threatened in a data breach. Russian hackers installed malicious malware into an update for the company’s software platform. Hackers then selected which systems they wanted to infiltrate.
This incident brought great concern to the security of what most would consider highly secured networks. The Washington Post states that the Departments of Homeland Security, Commerce, State and Treasury were all affected by this malicious scheme as well as the National Institutes of Health. While the U.S. Department of Energy and the National Nuclear Security Administration were targeted for their nuclear programs, the hackers were thankfully less successful with accessing information from these departments. Noting that hackers were able to gain access to government networks containing sensitive information has raised alarms for the need to increase cybersecurity efforts.
On the other hand, the most notable private entities affected during this attack on SolarWinds were Microsoft, Deloitte, Intel and Cisco. Other non-governmental organizations like the California Department of State Hospitals and Kent State University were also among those caught in the data breach. This goes to show that hackers can go undetected even in the most reputable organizations.
When considering cybersecurity for your business, consider the fact that hackers have been able to target and gain access into governmental entities as demonstrated by the SolarWinds data breach. Human error is one of the leading causes of cyberattacks. In fact, Security Magazine states that 95% of all cyberattacks occurred due to some type of human error. Whether or not the SolarWinds data breach occurred due to human error, it has been a turning point for cybersecurity efforts across all types of organizations.
Data Breaches Costing Businesses
With this increase in attacks over the past few years, data breaches are costing businesses an alarming amount of money. According to a 2020 report from IBM Security, the average cost of a data breach that occurred last year was $3.86 million. Considering the average time it takes for businesses to detect a data breach, this number makes sense. On average, data breaches are not identified until 207 days after the start of the attack. Within that time frame, thousands and even millions of files are compromised.
By not providing your business with the correct cybersecurity, you’re also putting your employees’ data at risk. The same IBM report found that in all the breaches that occurred in 2020, 58% also compromised the personal data of employees. The best way to protect your employees’ data is by informing them of these threats and being cautious of what personal data can be found across all business and personal networks.
Recommendation for Businesses
While the goal for total data breaches is zero, no business is immune to cyberattacks. TechRepublic mentions that the best way for businesses to prepare other than expanding cybersecurity protection is to create a contingency plan. This plan will be in place if the need arises for your business to inform those affected by the breach as well as mitigating damages.
In any situation, transparency is key. Communication from any business goes a long way, especially when it involves data outside of the business. Impacted business partners and customers have the right to know what is happening to their data and, as a business, it’s the ethical approach to inform those affected. As seen in the data breach with Blackbaud, the attack happened in May, but affected individuals weren’t notified of the breach until July, according to Healthcare Info Security. Not informing affected individuals close to the date of the attack can impact an organization with more than distrust, but more serious consequences such as lawsuits.
Informing these persons on what took place, the information that has been exposed to hackers and what this means for them are the most important questions you should answer when developing these contingency plans. The best way to prepare your business is by implementing as much cybersecurity as your budget allows while also creating communication plans.
Let MDL Help Protect Your Business
Data breaches can happen to any business no matter the size. Based on the increased amount of data breaches over the past year, you should consider putting protections in place to prevent your business from falling victim to data loss or manipulation from a data breach attack. MDL offers 24/7 network monitoring services targeted to help protect your business from data breach threats.
At MDL, we make it a priority to implement the best practices for your business when it comes to cybersecurity. Our services help train your employees to spot warning signs of cyber threats and add an extra level of protection by backing up data externally. In the event that your data is lost, stolen or manipulated, it will always be secure with MDL. Don’t let your business be a victim of a cyberattack and get protected with MDL Technology today.