On Thursday, September 7, Equifax, one of the three major consumer credit reporting agencies, announced that a data breach left 143 million U.S. consumers vulnerable to hackers. Cybercriminals gained access to files, putting personally identifiable information, including Social Security numbers and driver’s license numbers, at risk.
While the breach was caused by external attackers, internal attackers still pose a threat.
According to the 2017 Verizon Data Breach Incident Report, 25 percent of incidents involve internal attackers. That risk can be mitigated by up-to-date access controls, which reduce the chance that former employees, contractors or low-level users access sensitive information.
Still, 75 percent of cyberattacks are committed by outsiders. For this reason, it is important that an organization has a layered or defense-in-depth approach to security. From multi-factor authentication on the front end, to data leak prevention on the back end, there are many effective tools that can be deployed to reduce the risk of compromise.
Tactics cybercriminals use
More than half of cyber breaches include malware, according to the Verizon report, and 62 percent of breaches feature hacking. Of those involving hacking, 81 percent leverage stolen or weak passwords. Segmentation, reduced authorities, intrusion detection and prevention, keeping patches up-to-date, and secure coding are all part of layered defenses that effectively minimize the data at risk. But a comprehensive security risk analysis is essential to ensure such a coordinated defense.
Certain industries at greater risk
In short, no organization is immune from a cyberattack. From banks to health care systems, entertainment companies to grocery stores, local and national examples debunk the idea that any industry is beyond the reach of a cyber threat. However, the Verizon report found that financial organizations, health care organizations, public sector entities, and retail and accommodation organizations make up the top four affected industries.
Trends in cyberattacks
There are commonalities among cyberattacks across industries. For example, malicious email attachments cause 66 percent of malware installations. These attacks bypass the preventative measures meant to keep attackers out, which creates great exposure to data leakage or data loss.
Also, almost three-quarters of breaches are financially motivated. Cybercriminals profit immensely by gathering and selling personally identifiable information (PII), including credit card numbers, Social Security numbers and HIPAA-related personal information. But it doesn’t stop there – confidential information at risk also includes intellectual property and client business.
It is important for organizations to regularly review where critical data is stored – servers, laptops, phones, portable devices or paper – and determine the best way to secure it based on the various security risks posed wherever the data is located. To help prevent hackers from easily stealing such data, organizations should encrypt data at rest and in motion in databases and servers to lock down sensitive information.
Additionally, organizations that store or transmit PII should review the insurance options for cyber protection. A variety of insurance policies cover things like the cost of fines, notification that PII has been compromised, liability and business interruption.