How many data breaches happened this year? Take a guess.
According to the Identity Theft Resource Center (ITRC) report, there were 750 data breaches that collectively exposed 177,837,053 records. Imagine that: around 180 million records were stolen this year alone.
There were, in fact, some other interesting pieces of statistics too. Take a look:
These numbers clearly show that we have taken more hits than ever this year. Earlier, we told you how hackers make $193 per credential through database breaches. What’s more tragic is that these are only the verified figures. What about the ones that we have no idea about? Leaving data breaches aside, how much have we lost to fraudulent transactions and to application distributed denial-of-service attacks that crashed business services?
Fact 1: The Anthem breach affected 80 million customers.
While there were many small and big incidents right from the start of the year, the biggest blow came in February. Health insurer Anthem Inc. was hacked by an unknown group, which took personal information of their employees and customers. The company did not provide any information on the incident beyond making a statement that records were compromised.
Fact 2: Ashley Madison parent CEO resigned after the hack.
The infamous Ashley Madison case made bigger news than anything else on the list. Allegedly, a group of attackers threatened Ashley Madison, demanding that it stop its infidelity services, which it, of course, did not. Credit card and personal information for 36 million users was compromised in the attack. However, this hack was different because the victims had personal stakes involved. Months on, users are still receiving blackmail threats to pay thousands of dollars or have the attackers publicize their records.
Fact 3: TalkTalk stock tanked 10% after the hacking news broke.
TalkTalk, the UK-based telecommunications company, was recently hit by a cyber attack in which the personal data of about 4 million customers was potentially exposed. It is said that hackers got their hands on names, addresses, email addresses, telephone numbers, account information, credit card, and bank details, even when it was all encrypted. Notably, the last official statement on the incident came from their Chief Executive of Business, Dido Harding, who said that the incident response would cost TalkTalk between £30m and £35m.
Do we still have to establish that data breaches are not good for sales or business reputation? After all, who wants to do business with companies that cannot protect the bank or personal data? In fact, Gemalto conducted a global survey recently that highlighted the obvious effects.
They collected data from 5,750 consumers spread across 7 countries and found out that 64% of the people are unlikely to shop or do business with a company hit by a data breach.
That is the gravity of the situation. When we consider cybersecurity, we think of it as an added layer of protection and not as a necessity. Think about it. Is it worth the risk? Last year, after the Target data breach, traffic to their stores declined by 30-40%. And it was reported that the earnings dropped by 16%. They collectively lost $148 million from a data breach.
What will be the average cost if you are hit by a data breach? First Data has estimated around $36,000 spent on the mandatory forensic examination, notification to customers, credit monitoring, PCI compliance fines, the liability for fraud charges, card replacement costs, and reassessment of PCI compliance. However, this figure is only for small businesses. Increase it multiple times depending on the size of the business.
It seems like the season when everyone wants to talk about cybersecurity. Dozens of products are being made and promoted across the world. However, not everyone understands where the problem lies and how to deal with it. Let’s break it down to three points:
1) Most cyber attacks happen at the web application layer.
World-renowned research company Gartner has previously reported that 70% of the hacking attempts happen at the application layer, which is altogether a different zone than the network layer. It has its own vulnerabilities and they need to be addressed proactively.
2) Web applications change frequently.
Web applications are the core of new-age businesses. They enable online shopping, payments, and pretty much everything else. Quite obviously, companies have to modify them a lot. Frequent code changes lead to new known and unknown vulnerabilities that cannot be addressed by one-time scans.
3) Human intelligence is essential.
Until we reach adaptive artificial intelligence, machines alone will never be enough. What happens when a zero-day vulnerability is discovered? How will you deal with business logic flaws that are present just in your applications and nowhere else?
Indusface proposes a ‘detect, protect, and monitor’ approach to keep your business away from data breaches. Under Total Application Security, we continuously look for weaknesses in your applications, whether or not changes have been made. Our Web Application Firewall blocks attack attempts from hackers who want to reach your database. Monitoring is an integral part of the process, in which security experts not only study your traffic and attack attempts but also test applications manually. This provides you with an unmatched security perspective backed by solid data and recommendations.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. He was instrumental in building the product/service and technology team from scratch and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. He has proven experience (10+ years) in the security industry and has held various management/leadership roles in Product Development, Professional Services, and Sales during his time at Entrust Datacard.