Cyber-attacks are growing in complexity as well as quantity. By reviewing the data breaches that took place in 2019, we can gain some perspective of the impact cyber-attacks and data breaches pose for 2020.
The average size of a data breach is 25,575 records. (IBM)
The average time to identify a service breach is 279 days. (IBM)
Inadvertent breaches from human error and system glitches were still the root cause for nearly half (49 percent) of data breaches. (IBM)
The average time to contain a data breach once identified is 73 days. (IBM)
In 2019, there was a 186% increase in the number of U.S. residents impacted by health data breaches. (Statista)
These statistics may seem alarming for 2019 given all of the technology and innovative ideas that have been proposed over the years. One might assume that in 2020 a company would be able to better protect the data of its customers. The truth is, while some companies go the extra mile to protect the data they are entrusted with, many fail to do the simplest things to protect that data. Additionally, we as consumers have no insight to this problem and have to blindly trust the companies with which we do business.
As recently as last week, Dickey’s BBQ Pit restaurant chain announced that they endured a data breach that was discovered this week but had been ongoing since July 2019. The attackers stole over 3 million customers’ credit card data over the course of just over a year without being detected. The restaurant firm wasn’t the one that discovered the breach, it was a cybersecurity firm that tracks financial fraud after they discovered that the one thing these cards had in common was they had been used at Dickey’s BBQ Pit. For example, if you have visited Dickey’s in the last 15 months, I would recommend that you review your credit and/or debit card statements to verify your information was not sold on the Dark Web.
We began the year with a 30 million credit card data breach from “Wawa”, an East Coast-based convenience store and gas station. Wawa discovered the breach in December of 2019 and determined that the bad actors had been collecting data for almost 10 months using malware which had infected in-store payment processing systems. The company said the malware first infected systems on March 4th and by April 22nd most store systems had more than 850 in total infected.
These two examples represent $4,950,000,000.00 in potential expenses for these organizations. The global average total cost of a data breach has increased to $3.92 million over the past six years. As cyber threats increase, and the cost of these breaches continue to grow, can your business afford to suffer a breach? What can be done to protect your assets? Is it enough to have a firewall and antivirus? Do you know how much a breach would cost your business or even if it could survive after a breach? Studies show that being prepared could significantly reduce an organization’s exposure and decrease the cost of a breach.
Gaining an understanding of your organization’s data along with knowing the threats that your organization faces will help immensely. The first step in protection is to classify the data in a way that provides a clear picture of the type of data you own. Classification allows you to develop a plan to prioritize the security controls needed to protect the data. Far too often this step is overlooked in the process. Also, developing an Incident Response Plan (IR Plan) that incorporates an Incident Response Team can reduce your exposure to a data breach. Holding Incident Response simulations will assist the team in developing the necessary skills to face the challenges that will arise during an actual breach.
Once you are able to put these steps in place, your organization will benefit greatly in terms of protection, and that will keep your data safe for the foreseeable future.
About HoganTaylor Technology
HoganTaylor Technology is a newly formed subsidiary of HoganTaylor, encompassing all of the Firm’s information technology service offerings including managed services, outsourced CIO and technology solutions, cybersecurity services, and IT strategy and assessments. If your organization needs assistance in evaluating its technology strategies and goals, please reach out to a HoganTaylor Technology professional to discuss any questions you may have.
INFORMATIONAL PURPOSE ONLY.This content is for informational purposes only. This content does not constitute professional advice and should not be relied upon by you or any third party, including to operate or promote your business, secure financing or capital in any form, obtain any regulatory or governmental approvals, or otherwise be used in connection with procuring services or other benefits from any entity. Before making any decision or taking any action, you should consult with professional advisors.