In the past couple of decades, some hacks have cost businesses millions of dollars. As an instance, the 2013 Target hack cost the giant retailer an estimated $248 million. In addition, the hackers obtained personal information on 70 million Target customers and 40 million credit and debit cards.
Home Depot experienced a similar hack 2014, costing at Home Depot up to $263 million in expenses, including the cost of an investigation, legal expenses, and supplying customers with credit monitoring and identity protection solutions. The Home Depot hackers also managed to take 53 million customer email addresses and 56 million customer credit and debit card accounts.
Before this season, hackers penetrated Equifax, one of the three main credit reporting bureaus, and stole the personal information of over 143 million consumers. The final price tag of that breach is still being determined, but is very likely to be in the tens of millions of bucks.
Additionally, Equifax resisted its security problems. The hack wasn’t revealed to the public until September 2017 and Equifax invited users to a site where they could check to find out if the hack affected them.
Unfortunately, a cloned version of the Equifax site was in existence and also the cloned variant was so persuasive an Equifax worker was discussing it. One of those folks managing Equifax’s Twitter account accidentally sent users the link into the cloned site for several weeks. Additionally, the first Equifax website should have had adequate safeguards to stop it from being cloned.
There’s ample evidence that firms that fail to protect themselves against hackers seeking data, money or bragging rights endure substantial financial losses. Despite the news masking these huge security breaches, some organizations still don’t protect the information entrusted to them.
The Complicated Factors behind Safety Breaches
Preventing a hack is complex because hackers utilize numerous ways to attack you. For example, a hacker can:
- Secretly install keylogging software or ransomware in computers
- Take a Website or host in a Distributed Denial of Service (DDoS) attack
- Setup a fake Wi-Fi hotspot at a public location, such as a coffee shop or library
- Trick you into clicking onto a link in an email or direct message that direct you to a spoof site that gathers information from you
- induce you to unwittingly download malware onto your personal computer or mobile device
In addition, some companies don’t wish to go to the expense of keeping their software updated or training company employees how to recognize hacker penetration efforts. There’s a general attitude of”it couldn’t happen to us.”
But according to the FBI, any company that retains financial or personal data is exposed to an assault. These organizations include hospitals, school districts, state and local governments, law enforcement agencies, and small and large companies.
What Can We Do Prevent Costly Data Breaches in the Future?
Some of the cybersecurity repairs are evident. For example, more money needs to be allocated to keeping anti-virus applications updated.
In addition, employers need to devote more time to coaching workers from C-level to front-line employees to recognize and stop hacking efforts. Because cyber threats constantly evolve, education and training are vital in helping organizations to stop hacks or recuperate from hacks.
But there are other preventative measures organizations can take. By way of instance, data vendors should be screened to ensure they behave as another barrier to hackers. From the Home Depot case, the attackers used the logon credentials from a third party vendor to penetrate the Home Depot business environment, according to author Brett Hawkins in a 2015 white paper for Maryland’s SANS Institute.
Additionally, cybersecurity experts within a company must enhance their communication skills in order that C-level executives and boards of directors clearly know that the immense cost and scope of cyber threats.
At a 2015 In Homeland Security interview, cybersecurity expert John Felker said,”It’s incumbent upon us [cybersecurity specialists ] to talk about these threats in terms that the CEO can understand — as it affects the bottom line or their capacity to conduct missions. This isn’t an easy thing to do. But far better communicating drives resource allocation and strategic planning and reduces a company’s cybersecurity vulnerabilities.”
Finally, any hack ought to be analyzed in depth to ascertain what occurred and what lessons can be learned from the hack to further enhance the area of cybersecurity knowledge. As technologies such as biometrics continues to improve, it too could be harnessed to give an excess layer of security.