October is National Cyber Security Awareness Month and the timing couldn’t have been better.
It comes amid high-profile security incidents, from the breach of Edmodo to the WannaCrypt ransomware attack, the Zomato hack and the recent Equifax breach, which ranks among the largest data breaches ever publicly disclosed.
As of October 2017, reports state that the Yahoo data breach was not limited to just a billion accounts; rather, more than 3 billion accounts were compromised in total.
The breach now affects a number that represents nearly ‘half of the world’ – Sam Curry, Chief Security Officer, Cybereason.
The Year of 2017 – A Security Nightmare
A recent security report published by Gemalto’s Breach Level Index showed that more data records were leaked or stolen by hackers during the first half of 2017 (1.9 billion) than in all of 2016 (1.37 billion).
Another shocking insight from that report was that an average of 10.4 million records are exposed or swiped every day.
A large number of these breaches targeted consumer-centric organizations.
So if you happen to be a voter in the United States, a patient of a hospital in Britain or someone registered with the motor vehicles department in India, it’s very likely that your private data could have been stolen in the past 6 months.
There were around 918 data breaches worldwide in the first half of 2017, compared to the 815 breaches that occurred in the last 6 months of 2016. This represents an increase of around 13% in security breaches.
Identity theft accounted for three-quarters of these data breaches, an increase of over 49% compared to the previous 6 months.
And it gets even more dramatic when we look at the number of records involved in these security breaches. Around 1.9 billion data records were lost or stolen in the first half of 2017, compared with 721 million in the previous 6 months. That is a massive increase of 164%.
The second half of 2017 was equally bad. The Equifax data breach became the new talk of the town. The security breach of one of the largest credit reporting bureaus put the personal information of as many as 143 million Americans at risk.
This included Social Security numbers as well as credit card numbers, making it the third largest breach in history (after the two breaches at Yahoo).
The Equifax breach will be remembered for the chain of reactions it set in motion: a PR disaster, the CEO’s resignation and a number of lawsuits filed by the attorneys general of various states across the US.
And it doesn’t end here. Among other security incidents in the recent past was the Deloitte hack, where cyber attackers were able to leverage an administrator’s account that gave them unrestricted access to Deloitte’s email server. This server reportedly stores around five million emails for the Big Four accountancy firm.
This was accompanied by a data breach at Sonic Drive-In (an American drive-in fast-food restaurant chain). A security breach of Sonic’s store payment system resulted in up to five million stolen credit & debit card accounts being “peddled in shadowy underground cybercrime stores,” security news website KrebsOnSecurity reported Tuesday.
The Year of Poor Security Practices
As seen in recent times, a lot of these breaches are the result of accidental loss or insider threats. A large portion of these accidental losses arise from poor security practices or unsecured databases. The Equifax data breach is a perfect example of this scenario.
In early March, the company was notified by the Department of Homeland Security about a critical vulnerability in its software, but Equifax failed to fix the issue in a proactive manner. In mid-May, attackers leveraged this flaw in the unpatched software to gain access to sensitive data.
It took Equifax two months to notice suspicious traffic in its networks. Even though it was able to restrict the attackers at that point, it failed to fathom the scale of the theft until mid-August.
The worst part is that the company’s full board was still not aware of the security breach until the end of the month, a delay of around 4 weeks from the day of discovering the breach.
The first six months of 2017 saw almost 11 million data records being stolen or lost every single day, 437,815 every hour, 7,297 every minute, and 122 every second. This proves that organizations are still not doing enough to adopt a proactive approach towards cyber security. Most businesses fail at detecting the vulnerabilities in the first place.
To be honest, there is no such thing as being fully secure. The changing dynamics of the digital ecosystem make it even tougher to be 100% secure. But one can still be a winner even after being hacked. Previously we spoke about the 3 key characteristics that made Tesla a winner even after being hacked.
Another important aspect is to be able to accept and acknowledge your mistake. A good example can be the way Zomato handled their security breach by taking ownership of the situation and resolving the security issue in less than 24 hours.
National Cyber Security Awareness Month (NCSAM)
As we mentioned earlier, the National Cyber Security Awareness Month of October came at the right moment, when security breaches have led to public embarrassment, management downfall, and a huge PR disaster.
“As hacks, data breaches, and various other cyber-enabled crime become increasingly commonplace, this year’s National Cyber Security Awareness Month is an important reminder of the need to take steps to protect yourself and your family when using the Internet.” – Federal Bureau of Investigation
Also known as NCSAM, National Cyber Security Awareness Month was jointly launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance. Since then it has become an annual campaign held every October to help the public stay safe online and to increase national resiliency in the event of a cyber incident.
In today’s digital times, mobile has quickly become a forerunner in the advancement of digital technology, along with the coming of artificial intelligence, machine learning, blockchain, cryptocurrencies and more.
More and more data is being shared through our mobile applications all over the internet, almost touching each and every aspect of our daily life, whether we realize this or not.
Recent research from Ipsos, a global market research firm, found that society in general just can’t live without the internet. 18,180 people were surveyed across 23 countries, with more than two-thirds of them saying they cannot imagine a life that isn’t prefixed by www dot. While 73 percent of Americans said they cannot imagine an unconnected life, the highest share was recorded in India at 82 percent.
Source – Statista
In the busy humdrum of everyday living, we tend to take a lot of our basic technology implementations for granted. In one of our recent posts, we made a security checklist of 13 such technologies that are being ignored on a daily basis. This makes security awareness of paramount importance.
On the occasion of National Cyber Security Awareness Month, we will be sharing a series of blog posts on topics like Mobile Application Security, Online Tips and Best Practices as part of our contribution to keep businesses and consumers safe and secure. Stay tuned to our blogs for more. You don’t want to miss this!