Data breaches caused the exposure of nearly 2 billion files over 551 separate incidents in 2017. Despite the strides businesses have made in data protection in recent years, companies across all industries still have a number of vulnerabilities. Knowing how to recover from a data breach is important, but shoring up gaps so that you can preemptively protect your business from a data breach is even more critical.
Who’s Most Vulnerable?
Out of the 551 data breaches that occurred in 2017, 328 were in the healthcare industry. Tech, retail, finance and government rounded out the top five, while technology earned the double honor of having the largest number of files stolen, at 1.75 billion.
There’s one type of business structure, however, that’s particularly vulnerable across all industries: the franchise. The independent nature of franchises results in little to no oversight from the parent company when it comes to IT security. Plus, franchisees are generally small-business owners, so their resources are often limited, compared to larger organizations. If a local point-of-sale system is compromised, it can give hackers access to the parent company’s central databases. And, since franchisees don’t usually have a system in place to notify each other of attacks and coordinate a fix, hackers can hit numerous franchise locations before anyone can spread the word and take action. All of this can have repercussions for other franchises as well as the overall brand, which will suffer the brunt of the bad publicity.
Examining the Aftermath
Data breaches have serious, far-reaching consequences for both companies and consumers.
Business Repercussions
The revenue-related implications of a data breach can be staggering, with an estimated average cost of $3.62 million per breach and $1.9 billion total in 2017. Over the long term, businesses across most industries can lose up to 3 percent of their market value, with retail service industry companies suffering losses of up to 9 percent. These figures make it clear that IT security is something businesses simply can’t afford to overlook.
Reputations also take a hit, with current customers possibly dropping off and potential ones shying away from a company they deem unsecure. And while it’s possible to eventually regain the public’s trust, the damage is often difficult to undo.
Ramifications for Customers
Customers fare just as poorly, if not more so, after their data has been exposed. In the case of the large Equifax breach in 2017, consumers are still managing the aftermath and will likely experience repercussions for years to come. The luckiest consumers are dealing with inconvenient credit freezes across all three bureaus and constant vigilance for fraudulent accounts. At worst, people have become victims of identity fraud, which often means getting new credit cards and bank accounts. They also have the tedious task of cleaning up fraudulent accounts and other false information on their credit reports.
Solutions
It’s imperative that companies take a multi-layered approach to defending against intrusions, and that they also have a solid strategy for mitigating and remedying breaches when they do occur.
Next Generation Firewall
Conventional firewalls provide only basic gatekeeping tasks, such as opening and blocking ports, governing outbound traffic, translating network addresses and terminating virtual private network (VPN) connections. The threats that companies face today, however, are designed to circumvent these measures, creating a need for more sophisticated solutions.
Next-generation firewalls fortify standard firewall capabilities with intrusion-prevention functionality that continuously scans networks for interference, suspicious traffic and other evidence of security breaches.
Enhanced Two-Factor Authentication
As security breaches become ever more advanced, usernames and passwords simply do not offer enough protection. Both belong to the same category of authentication factor, knowledge, so using them together is still single-factor authentication, which is far less effective.
These authentication factor categories include:
- Knowledge factors, such as usernames, passwords and security questions
- Possession factors, or physical items a user has, such as a keycard
- Inherence factors, or things that are distinct to the user, such as fingerprints and other biometrics
Enhanced two-factor authentication uses factors that come from two different categories, such as knowledge and inherence. It also analyzes the times and locations at which a user accesses the system to create a baseline for normal activity, so that an unusual login can be challenged even when the credentials are correct. This strategy provides greater protection against simple credential theft and breaches of password data.
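The policy described above, as an added example that is not part of the original article: it checks that a login presents factors from two distinct categories, then compares the login's hour and location against a per-user baseline. The factor-name mapping, the thresholds and the login history are constructed assumptions for illustration.

```python
from collections import Counter
from datetime import datetime

# Assumed mapping of factor names to the three categories listed in the article.
FACTOR_CATEGORY = {
    "password": "knowledge",
    "security_question": "knowledge",
    "keycard": "possession",
    "totp_token": "possession",
    "fingerprint": "inherence",
}


def is_two_factor(presented):
    """True only when the presented factors span at least two distinct categories."""
    categories = {FACTOR_CATEGORY[f] for f in presented if f in FACTOR_CATEGORY}
    return len(categories) >= 2


class LoginBaseline:
    """Learns the hours and locations from which a user normally logs in."""

    def __init__(self, min_samples=5, min_share=0.1):
        self.hours = Counter()
        self.locations = Counter()
        self.total = 0
        self.min_samples = min_samples  # history needed before judging
        self.min_share = min_share      # below this share a value is "rare"

    def record(self, when, location):
        self.hours[when.hour] += 1
        self.locations[location] += 1
        self.total += 1

    def is_anomalous(self, when, location):
        if self.total < self.min_samples:
            return False  # too little history to call anything unusual
        rare_hour = self.hours[when.hour] / self.total < self.min_share
        rare_location = self.locations[location] / self.total < self.min_share
        return rare_hour or rare_location


def evaluate_login(presented, baseline, when, location):
    """Return 'deny' (single-factor), 'step_up' (unusual time/place) or 'allow'."""
    if not is_two_factor(presented):
        return "deny"
    if baseline.is_anomalous(when, location):
        return "step_up"
    return "allow"


def build_sample_baseline():
    """Constructed history: ten weekday logins at 09:05 from the office."""
    baseline = LoginBaseline()
    for day in range(1, 11):
        baseline.record(datetime(2017, 9, day, 9, 5), "office-nyc")
    return baseline
```

A "step_up" result is where the system would demand an additional factor or notify the user rather than silently accepting a correct password from an unfamiliar place.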
Hardware
Hackers often use point-of-sale systems to gain access, either via skimmers that look like legitimate POS terminals (often found at gas stations and self-checkouts) or through malicious code that’s uploaded to the POS servers via an exploit kit.
The first step to protecting your company’s data is to make sure that your POS is PCI DSS compliant, reducing the risk of data compromise. This means using strong encryption to protect in-transit data as well as implementing secure authentication procedures for firmware updates. You also need to make sure that your terminals are tamper-proof and inspect them regularly for signs of manipulation.
Protect Your Assets
If all else fails and a security breach does occur, you must be able to protect your assets. General liability insurance doesn’t usually offer coverage for data breaches, so you’ll have to obtain a comprehensive business insurance policy that includes data breach insurance. This is especially prudent when studies have found that 60 percent of businesses without data breach insurance that suffer a breach don’t survive another year.