CLOUDTWEAKS CONTRIBUTOR PROGRAM

Join the CloudTweaks thought leadership contributor program which includes a customized profile, branded identity page, newsletter marketing, social amplification and more...

The program is currently available to consultants, influencers or executive level contributors.

Target of the Next Big Breach

With Big Data Comes Big Responsibility: How to Avoid Becoming a Target of the Next Big Breach

Avoid Becoming a Target of the Next Big Breach

Practically every industry relies on Big Data, from education, government, and healthcare to banking, manufacturing, and retail. With the rise of Big Data over the last ten years and the significant increase in cyber security threats over the last two, the opportunities for both business and cyber criminals are growing exponentially. This means that information security is more important than ever. Businesses need to stay one step ahead if they want to avoid becoming the next target of a big breach.

According to an article published by the Master of Science in Cyber Security Department at the University of San Diego, “Just as big data has opened up new possibilities for cyber security teams, it has also given cyber criminals the opportunity to access mass quantities of sensitive and personal information through the use of advanced technologies.

Data breaches increased by 40% between 2015 and 2016 and the trend continues in 2017. This is for bad for consumers and bad for business. Identity theft costs the average victim $1,343 in stolen assets and expenses like legal fees, which can be a lot for the average consumer. According to a new report and timeline just released, these are the worst data breaches over the last ten years, how they happened, and what businesses can do to avoid the same fate.

The Biggest Data Breach (most records)

  • Who: River City Media, an email marketing company known for sending spam emails
  • When: January–March 2017
  • How: It was an accident. Backup databases were not configured correctly and were left available online for anyone to see
  • Number of records: 1.37 billion!
  • Type of records: Email accounts, full names, IP addresses, and physical addresses
  • Business Consequences: They were dropped from Amobee’s affiliate service, which was one of the largest marketing firms working with them

Most Serious Data Breach (most sensitive information exposed)

  • Who: Equifax, one of 3 major credit reporting agencies in the US
  • When: 2017, mid-May through July
  • How: A security patch needed to fix a flaw in their Apache Struts tool was not updated promptly, which left their system vulnerable and allowed hackers to gain access
  • Number of records: 143 million! Nearly half of the US population
  • Type of records exposed: Birth dates, names, Social Security numbers, driver’s license numbers, addresses, and credit card numbers. Ouch
  • Business Consequences: The chief information officer and chief security officer were forced out; they are facing a federal investigation, and their shares have dropped at least 35% since the breach was announced. They will most likely face a lawsuit involving millions of angry customers

Most Financially Damaging Data Breach (biggest financial loss)

  • Who: American Business Hack. This data breach affected multiple companies from different sectors, including Nasdaq, Visa, JCPenney, Dow Jones, JetBlue and 7-Eleven.
  • When: 2005 to 2012. A large portion of the records were stolen during the economic downturn between 2008 and 2009
  • How: A sophisticated hacking ring targeted banks, payment processors, and chain stores over eight years using malware to gain access to accounts, withdraw money, and steal and sell information. They disabled antivirus software and used anonymous web-hosting services to hide their activities
  • Number of records: 160 million credit and debit card numbers stolen and 800,000 bank accounts breached
  • Type of records: Credit and debit card numbers
  • Business Consequences: At least $300 million in losses

Cyber Security Threats:

  • Evolving ransomware
  • Malware and social engineering like phishing scams
  • Expired SSL Certificates
  • RoT (Ransomware of Things)
  • Legacy IT systems obtained through acquisition of other companies
  • Below Average IP Reputation scores

How to Avoid Becoming a Target:

  • Keep your software up to date, make sure any open source software being used is secure, and install security patches promptly
  • Use encryption on all your company devices to protect against a breach in the event it gets stolen
  • Improve overall network and application security and keep them up-to-date
  • Implement cloud-based continuous monitoring systems that assess vulnerabilities in real time
  • Create a vendor management program to monitor third party vendors and catch threats before they can take control of the system
  • Train staff to identify malicious attacks so they don’t accidentally share information with scammers
  • Classify your data so you know where all the sensitive information is stored and have proper controls in place to protect it from falling into the wrong hands

Advice for Consumers:

  • Make sure your devices are password protected.
  • Invest in credit monitoring and identity theft protection to protect yourself in the event of a data breach
  • Create strong passwords—keep your information close, and only give it out when absolutely necessary

Other considerations:

IOT

According to Anatoliy Okhotnikov, Head of Engineering for Softjourn, “in the world of IoT, our most sensitive data is now everywhere, and we have another channel to leak our personal information. Attackers will target consumer devices from your connected fridge to game console. And do not forget that everything is mobile today, so mobile security is one of the main areas to consider as well.”

Financial Services

According to John Farley, Cyber Risk Practice Leader for HUB International, “New York has traditionally led the way in regulating the financial services sector’” and with the new cybersecurity requirements that went into effect in March of this year, approximately 3,000 financial institutions, including banks, insurance companies, and other institutions will be required to:

  • Establish a cybersecurity program;
  • Adopt a written cybersecurity policy;
  • Designate a Chief Information Security Officer, or similar individual, responsible for implementing, overseeing and enforcing its new program and policy;
  • Create a vendor management program to ensure the security of their information systems;
  • Establish an incident response plan to respond to and recover from a cybersecurity event;
  • Implement a variety of additional controls, including annual penetration testing, multi-factor authentication procedures, encryption standards, data access limitations, formal log audit programs and data destruction.

It is likely that other states will follow suit.

Conclusion

Overall, Big Data provides numerous opportunities for businesses to grow and thrive, including the ability to increase cybersecurity protections. At the same time, this provides more opportunities for cybercriminals to identify and take advantage of vulnerabilities across systems. With Big Data comes big responsibility. As a company or institution using it, you have to be willing to accept the risks involved and ensure your company is doing everything possible to implement the highest level of security from your security protocols, network systems, and connected devices to hardware, software and applications.

By Krystal Rogers-Nelson

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading brand and thought leadership exposure programs.

The Lighter Side Of The Cloud - Fathers Day
The Lighter Side Of The Cloud - Fear Of Heights
The Lighter Side Of The Cloud - Disaster Recovery Plan
Why ‘Data Hoarding’ Increases Cybersecurity Risk

Why ‘Data Hoarding’ Increases Cybersecurity Risk

Data Hoarding The proliferation of data and constant growth of content saved on premise, in cloud storage, or a non-integrated ...
GDPR Compliance: A Network Perspective

GDPR Compliance: A Network Perspective

GDPR Compliance Regulations can be a tricky thing. For the most part, they’re well thought out in terms of mandating ...
Critical Success Factors when shifting Workloads into the Cloud

Critical Success Factors when shifting Workloads into the Cloud

Shifting Workloads into the Cloud By 2020, 92 percent of all workloads will reside in the cloud. Yet challenges remain ...
Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks: The Prevention and Handling

Mitigating Cyberattacks New tools and technologies help companies in their drive to improve performance, cut costs and grow their businesses ...
Technology Cloud Contributor

IoT Data Centers – “We’ve Always Done IoT, We’re Just Terrible At Marketing It”

IoT Data Centers An often repeated phrase by many data center professionals is “We’ve always done IoT, we’re just terrible ...
Four Cloud Security Mega Trends

Four Cloud Security Mega Trends

Cloud Security Trends Last year was a big year for the cloud. Cloud adoption continued to grow at a rapid ...
ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

ERP Ain’t Got the Same Soul, I Like that Old Time Rock ‘n’ Roll

Designing Enterprise Software around People Looking back, business owners talked to their customers and employees in person or by phone ...
Technology Certification Courses

Top Five Technology Certification Courses To Choose From In 2018

Technology Certification Courses Gartner predicts that the global public cloud services market is projected to grow by 55 percent in the next three years and is expected to reach $383.3 billion by the end of 2020. Today, cloud computing helps enterprises ...
How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

How Security Certification Helps Cloud Service Providers Stay Transparent and Credible

Security Certification Helps Cloud Service Providers If you are a cloud service provider (CSP), you know your customers have a choice as to who to work with, but do you know what will help tip the scales in your favor? ...
Leading Programming Languages - TIOBE Index for July 2018

Leading Programming Languages – TIOBE Index for July 2018

Last month we announced that TypeScript entered the TIOBE index top 100 for the first time. TypeScript appears to keep growing in popularity. This month it entered the top 50. TypeScript is slowly becoming the new and improved JavaScript. One ...
Automate Service Management

[Free eBook] 150 Ways to Automate Service Management Throughout Your Organization…

Think about an IT Service Catalog as a supermarket of available services. Everyone in your company requests and delivers services from each other. From Human Resources and Marketing to Facilities and Procurement, each department is a service provider to the ...
Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration – 10 ‘Do it Right’ Tips

Cloud Migration Tips Businesses continue to adopt the cloud at break neck speed. Inherent benefits like lower operational costs, no infrastructure overheads, and quick access to better technology make cloud a very attractive proposition for businesses, especially start-ups and SMEs ...