Founders’ Reading List: 6 Data Abuse Lessons
What is data abuse? It’s a catch-all term for any time a company doesn’t handle data as mindfully as it ought to. It’s when telco employees sold customer information to third parties. It’s when a major retailer suffered a serious data breach and by extension let its customers’ data fall into the hands of bad actors. It’s when a payment platform secretly collected customers’ data. Data abuse is everywhere and has entered the public consciousness in a big way. Here are a few lessons from some of the biggest past data abuse scandals.
Lesson 1: Ransomware Is Getting Bigger
And ransomware is getting more sophisticated. The encryption process is being slowed and randomised to defeat early detection, hackers sometimes encrypt the master boot record right away, and sometimes a ransomware attack is actually a distraction for a different, more sophisticated attack.
Lesson 2: The Human Firewall Is Important
Security awareness training is becoming an increasingly important factor in preventing ransomware attacks from being effective. Early detection and prevention are key. Employees are often a company’s biggest cyber risk. After all, it can be easier for a hacker to trick a person than to trick software. And yet, only 29% of employees in a survey by Finn Partners said that they received quarterly security training. Clearly, there is room for improvement.
Lesson 3: No Business Is Immune
Big headlines are devoted to the likes of Delta, Macy’s, and Saks Fifth Avenue, but small businesses are more likely to be targets of cyber attacks. Why? Smaller businesses are less likely to be able to defend themselves. And the consequences are dire. Half of all small businesses go under six months after a cyber attack.
Lesson 4: Beware Third Parties & Vendors
Third parties can be a vector for cyber attacks. Target’s notorious 2013 breach, which ended up costing north of $300 million, all started when attackers compromised Target vendor Fazio Mechanical.
Lesson 5: Beware Insiders
An insider threat is when the attacker comes from within your own organization. Motivational speaker types may talk a big game about the company being family, but not taking insider threats seriously is foolish.
In 2015, Morgan Stanley found that one of their financial advisors had downloaded account data on around 10% of their wealth management clients. Details of about 900 clients were posted online. In this case it looks like the damage was minimal as Morgan Stanley acted swiftly, but this highlights the danger of insider threats in terms of data abuse.
Lesson 6: Data Abuse Is Expensive
The average data breach—the kind that barely makes the news—costs $3.86 million. AT&T was hit with $25 million in fines when employees stole and sold customer information. Equifax’s data breach has cost billions, although the true cost in terms of identity theft will likely be much greater. The words “most costly in history” never sound good.
It’s abundantly clear that data abuse is expensive. So the question must be: what are companies willing to pay to avoid these costly mistakes?