Large and small businesses face daily reminders that their data’s security is under attack by digital pirates, hackers, and cybercriminals. These threats require an immediate response, whether it's an unexpected hacking threat or a newly discovered database vulnerability. In this guide, we’ll help you understand these threats and how to prevent them in 2021. But first, we'd like to stress the importance of data security by looking at the latest data breach statistics and compliance laws for data security.
Table of Contents:
- The Latest Data Breach Statistics
- Compliance for Data Security
- 2021 Data Security Threats
- Xplenty: Data Integration with the Highest Level of Security
The Latest Data Breach Statistics
During the last decade, businesses have experienced an increase in data hacks, and this is making information security more important than ever. At the time of this writing, Statista reports that approximately 10,000 data breaches have happened since 2005. Moreover, there were 1,244 data breaches in 2018, resulting in 446.5 million records exposed. Compared to the 157 data breaches in 2005, that's an alarming increase.
Interestingly, the number of data breaches fell during 2018, probably due to increased security measures taken by companies and private computer users. That said, the number of exposed records more than doubled, so the data breaches of 2018 were larger in scale than those of previous years.
Below is a list of notable data breaches in recent years:
Facebook
540 million records were exposed on a publicly accessible server hosted by a third party. UpGuard Cyber Risk notified the digital media company Cultura that over 540 million Facebook user IDs, account names, likes, and comments were exposed on a publicly accessible server; the reaction was slow.
Verifications.io
Verifications.io is a company that approves or verifies email addresses for third parties; it ensures that third-party email marketing campaigns deliver to verified email accounts instead of fake ones. A publicly accessible MongoDB database containing 150 gigabytes of detailed marketing data was exposed. The company was scraping highly personal information. A security researcher found the following:
- Email addresses connected to social media profiles
- Full names
- Physical addresses
- Phone numbers
- Date of birth
- IP addresses
- Mortgage amounts and interest rates
- Estimates of credit scores
American Medical Collection Agency (AMCA)
AMCA, which provided medical billing for some of the biggest names in the medical lab testing industry (e.g., Quest Diagnostics, LabCorp, and BioReference Laboratories), fell victim to an 8-month data breach that led to the theft of personal and medical information on 11.9 million patients. Hackers obtained access through its payment portal, resulting in the exposure of names, dates of birth, addresses, phone numbers, provider names, balance information, payment card information, bank account information, Social Security Numbers, and information about lab tests performed.
Ultimately, if you think you're immune to data hacks because you're a small business, you're mistaken. Smaller companies are just as vulnerable as larger ones:
- 43% of data hacks happened to small companies (of 1-250 employees) in 2015, yet only 14% of small businesses describe their data security strategy as “highly effective.” In the same year, 22% of database breaches happened to medium-sized companies (of 250-2,500 employees), and 35% happened to enterprise-level companies (of 2,500+ employees).
- 60% of small firms go out of business within six months of a serious data hack. Average damages from a data breach for small businesses are approximately $690,000.
- 48% of security breaches result from malicious hackers. Data system failures and user errors cause the rest.
If these statistics don't push you to increase your data security, perhaps the chance of violating one of the many data security and compliance initiatives will motivate you.
Compliance for Data Security
Due to the increased number of hacking events, governments worldwide have established data security laws and processes that govern how companies safeguard their business and client information. Whether you’re concerned about hacks or not, it’s essential to understand your obligations under these laws:
- California Consumer Privacy Act (CCPA): The CCPA holds businesses to a high standard of consumer data security. Under the law, California consumers can demand all data a company keeps on them, in addition to a list of third parties the company shares the data with. The law also empowers consumers to sue companies for CCPA violations—not just in the event of a data breach. The California state attorney general enforces the CCPA. Organizations found to violate CCPA compliance are subject to a civil penalty of up to $2,500 per violation and up to $7,500 per willful violation. The settlements move to a new “Consumer Privacy Fund,” which offsets future costs incurred by the courts or the state attorney concerning enforcement.
- Federal Information Security Management Act of 2002 (FISMA): FISMA requires federal agencies to establish data protection plans to prevent hacks.
- General Data Protection Regulation (GDPR): The GDPR guards European Union citizens against data hacks. If your company processes E.U. citizens’ personal information, your data policy could fall under GDPR jurisdiction. The GDPR specifies two tiers of administrative fines that can be imposed as penalties for breaching compliance: up to €10 million or 2% of annual global turnover, whichever is higher; or up to €20 million or 4% of annual global turnover, whichever is higher. These are not empty threats. Take a look at the following GDPR rulings.
- Good Practice Guide 13 (GPG13): GPG13 is a data protection regulation that applies to businesses operating in the United Kingdom. GPG13 is required for specific organizations depending on the sensitivity of the information under management.
- Health Insurance Portability and Accountability Act (HIPAA): HIPAA safeguards patient data in the United States. If your company processes healthcare data for U.S. patients, you may need to conform to HIPAA compliance standards.
- Payment Card Industry Data Security Standard (PCI-DSS): The PCI-DSS seeks to reduce fraud by protecting credit card data. If you handle credit card information in the United States, this standard may apply to your company.
- Service Organization Control (SOC 2): SOC 2 is a data security and reporting standard defined by the American Institute of CPAs. It seeks to maintain customer information security, integrity, availability, and confidentiality in the accounting industry. SOC 1, 2, and 3 vary in their requirements; we are focusing on SOC 2 here. There are two types of SOC 2 certification. Type 1 involves passing the SOC 2 audit and proving that your policies, procedures, and technologies comply with the framework’s requirements. Type 2 involves ongoing compliance with SOC 2 and rigorous audit processes that test your policies, procedures, and technologies in the wild.
- Sarbanes-Oxley Act (SOX): SOX requires your business to save financial records for at least seven years. This U.S. law seeks to prevent accounting fraud and applies to managerial staff, corporate boards, and accountants.
As you can see, information security is vital for your business not only because of increased hacking threats, but also because of compliance rules that obligate you to protect information in a specific way.
2021 Data Security Threats
The most pressing risks to information security in the coming year include the following:
Enterprise-Level Ransomware Attacks
In a ransomware attack, hackers install a virus that disables your computer while demanding that you pay a ransom fee to get your system back. These threats have existed for some time, but what we’ve seen so far is just the tip of the iceberg.
Historically, ransomware attackers focused on individual computer users. Businesses and enterprises used to be less vulnerable to ransomware because they had better security and skilled staff who could rebuild a computer system after an attack. However, hackers are now using new techniques to infiltrate corporate data systems and hold entire businesses hostage until they pay a fee. To do this, hackers use “self-propagating ransomware worms.” These worms rapidly duplicate themselves across a data network, infecting as many systems as possible while deleting backups, until the entire environment is inoperable and the business has no choice but to submit to the ransom.
From the hacker’s perspective, targeting businesses makes sense. Many companies will pay a ransom to get their computers back online and avoid the tremendous costs of losing their data infrastructure. Moreover, hackers know that large enterprises have deep pockets, so ransom demands can be massive.
A prime example of this happened in 2016 when attackers hijacked the Hollywood Presbyterian Medical Center’s computer system, rendering it largely inoperable. The malware encrypted the hospital’s database files, and the attackers demanded 40 bitcoins (worth $17,000 at the time) for the decryption key. The hospital paid the fee instead of facing setbacks that would have been far more expensive.
There are five main types of ransomware viruses that target enterprises and businesses:
- Cryptoworms: Encrypt your computer data, rendering your system unusable until you pay the ransom fee in cryptocurrency. The 2017 WannaCry worm is the most famous example of a cryptoworm. These viruses are self-propagating, so they spread autonomously throughout a corporate network.
- Lockers: Hijack operating systems to lock you out of computer files and applications until you submit to the ransom.
- Scareware viruses: Pretend to be antivirus tools while claiming they found "viruses" on your computer. Some scareware spams you with annoying popups and alerts while demanding a payment to remove the supposed virus.
- Doxware viruses: Threaten to release your personal information and photographs on the internet unless you pay a fee. Many victims are so worried that their private photos and data will be released that they immediately pay the ransom.
- Ransomware as a Service (RaaS): Operators offer "ransomware as a service" to criminals who want to attack a business data system. RaaS helps non-tech-savvy criminals carry out a ransomware hijack. Those who host RaaS platforms receive payments in cryptocurrency.
Most ransomware attackers are financially motivated, but hackers may try to harm an organization for political or ideological reasons in today’s geopolitical climate. Regardless of why a ransomware threat exists, enterprises need to develop strategies for containing a company-wide attack like this. They should also have a data recovery plan in place to restore their data systems in the event of a destructive breach.
Here are some important strategies to prevent a ransomware attack:
- Use advanced security software: Install a trusted suite of security and anti-virus software, and keep the software up-to-date.
- Install updates: Keep your operating system updated by installing security patches as soon as they're available.
- Delete untrusted emails: Never open an untrusted email or attachment, and be cautious even with attachments from trusted parties if you don't know what they are.
- Delete untrusted attachments: Be wary of attachments that ask you to "enable macros." Enabling macros could put you at risk.
- Back up everything: Back up important files on an external hard drive that is not connected to the rest of your data system so ransomware has less power over you.
- Migrate to the cloud: Use a cloud-based server system. Cloud-based servers offer high-level security features, and they take periodic snapshots of your files so you can roll back to a previous version after a hack.
- Only pay the ransom as a last resort: Speak with your tech team, a cybersecurity expert, and the police before submitting to a ransom. Hackers might take your money and never liberate the system.
Supply Chain Security Breaches
Since the early 2000s, product supply chains have undergone extreme globalization. By the mid-2000s:
- 1% of North American manufacturers had moved production to lower-cost locations
- More than 40% of North American manufacturers were planning to expand their marketing base into Eastern and Central Europe, Mexico, and Central America
Accelerating globalization and outsourcing of both software and I.T. hardware became the norm in the U.S. electronics industry. A rough estimate put USA chip manufacturing at only 20% of total global output. Modern supply chain systems handle, distribute, and process goods using a complex network of suppliers and services. These supply chains glow in the dark, attracting cybercriminals from every echelon of society. Additionally, software stacks are continually advancing, and security teams struggle to keep up and secure critical internal infrastructure. Also, third-party suppliers usually have some level of access to their customers' networks, and the industry has loose access control policies; this invariably opens up new attack surfaces, making breaches of perimeter defenses much more likely.
Businesses have become so good at protecting themselves against database security threats that cybercriminals are being forced to explore backdoor vulnerabilities, essentially by accessing data systems through “supply chain attacks.”
In database security, a supply chain attack seeks to find a data security weakness through supply chain partners and vendors that connect to your company’s larger data system. It doesn’t matter how advanced your data hygiene practices are. If your supply chain partners are falling asleep at the wheel, cybercriminals can exploit them.
The most famous supply chain attack happened to Target customers in 2013. Attackers infected Target’s point-of-sale (POS) data system across 1,800 stores with malware that compromised the debit and credit cards of approximately 40 million customers. Target spent $61 million responding to the breach, which resulted in a 46% earnings drop in the last quarter of 2013 and numerous customer lawsuits.
Interestingly, the attack happened even though Target (1) had installed an advanced database security system six months before the incident, and (2) had a team of cybersecurity experts monitoring the system for threats. Target claims that hackers bypassed these security measures by stealing the security credentials of an air conditioning repair company that serviced Target stores.
To prevent a supply chain attack like this, incorporate the following strategies into your database security plan:
- Use a cyber-threat intelligence service: Cyber-threat intelligence services help you anticipate and prevent supply chain threats before they become a problem.
- Audit your supply chain regularly: Perform supply chain audits by building factory and vendor testing into your data hygiene process. This will help you monitor the security practices of partnering companies.
- Follow all compliance standards: Compliance regulations exist for a reason. Adhering to them will protect your data systems, help keep you out of trouble with the law, and reduce your liability exposure.
- Codify your risk assessment standards: Adopt and follow risk assessment standards for your data system to better identify and resolve threats.
“Cryptojacking” of Cloud-Server Databases
Another rising threat is cloud-based server hacking. Even though cloud-based servers like Amazon Redshift employ the most advanced security features, virus detection, and encryption available, these systems aren't beneficial if you make configuration mistakes that leave your data available to hackers. Cybercriminals could also obtain access to your cloud system by working with a malicious employee, stealing access credentials, or using phishing tactics.
Here are two examples of recent cloud-based server attacks:
2018 Tesla breach: In 2018, hackers obtained access credentials for Tesla’s Amazon Web Services (AWS) account. The hackers accessed proprietary information from the automaker, including telemetry, mapping, and servicing data for its vehicles. The hackers also installed “cryptojacking” software to mine a cryptocurrency, Monero, which they concealed with sophisticated evasion tactics. Researchers found that the hack happened because Tesla was running the open-source Kubernetes administration console, which administrators had left open to the internet with no password protection. Hundreds of other firms, such as Aviva and Gemalto, made the same oversight, giving anyone access to their data systems. Unprotected cloud resources are one of the most common cloud data security vulnerabilities.
2019 Capital One breach: The July 2019 Capital One hack involved an Amazon Web Services (AWS) cloud server. According to a legal complaint, a tech worker exploited a “firewall misconfiguration” to steal private data belonging to millions of Capital One employees. The misconfiguration allowed the tech worker to retrieve security credentials with access to Capital One's sensitive customer data. Amazon claims that the cloud server at the center of the breach was not at fault and blamed the breach on IT setup and management errors.
To prevent a cloud server breach, follow these security measures:
- Monitor Cloud-Server Configurations Closely: Don't leave your server doors open to the public! Double-check all server configurations, passwords, and other security measures with a keen eye for detail. Develop a checklist to ensure your team doesn't miss anything. Also, watch out for changes to your server configuration made by hackers. You can do this by deploying tools that notify your team of newly created server resources and launches of new applications.
- Hire the right people: Ensure that the cloud server techs you work with have the requisite skills and experience to avoid errors and shore up vulnerabilities when configuring your cloud server system.
- Monitor for Suspicious Behavior: This involves baselining “typical” user activity, so you can detect and stop anomalous hacking behavior if it occurs.
- Monitor Network Traffic Activity: Detect suspicious activity that could belong to hackers by monitoring your cloud server's network traffic activity.
- Install Software Patches Immediately: Hackers are always searching for new vulnerabilities, like the EternalBlue Server Message Block (SMB) exploit that allowed the spread of WannaCry. Software developers respond quickly to these vulnerabilities with security patches to stop the exploitation. However, you won't benefit from this protection if you don't update your system with the new patches.
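As an added example (not Xplenty's code, nor that of any vendor named above), the following Python script turns the configuration checklist above into an automated check over a constructed inventory of cloud firewall rules: it flags sensitive services exposed to the internet without authentication, the pattern behind the Tesla Kubernetes console and the Verifications.io MongoDB exposures, and reports resources that appeared since a baseline snapshot. The resource names, the port table and the "wide range" threshold are assumptions.

```python
"""Added example (not Xplenty's own code): audit a constructed inventory of cloud
firewall rules for internet-exposed admin services, and report resources that
appeared since the last baseline snapshot."""
import ipaddress
from dataclasses import dataclass

# Services whose public exposure matches the incidents in the article: the
# Kubernetes console (Tesla), a MongoDB database (Verifications.io) and remote admin.
SENSITIVE_PORTS = {
    22: "SSH", 3389: "RDP", 6443: "Kubernetes API", 8443: "Kubernetes dashboard",
    27017: "MongoDB", 3306: "MySQL", 5432: "PostgreSQL",
}
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1}


@dataclass(frozen=True)
class Rule:
    resource: str     # hypothetical resource name
    port: int         # listening port the rule allows
    source_cidr: str  # address range allowed to reach the port
    has_auth: bool    # whether the service behind the port requires credentials


def is_internet_facing(cidr: str) -> bool:
    """Treat any source range of /8 or wider as 'the whole internet' (assumption)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen <= 8


def audit_rules(rules):
    """Return (severity, resource, message) findings, worst first."""
    findings = []
    for r in rules:
        service = SENSITIVE_PORTS.get(r.port)
        if service is None or not is_internet_facing(r.source_cidr):
            continue  # non-sensitive port or restricted source: nothing to report
        if r.has_auth:
            findings.append(("HIGH", r.resource, f"{service} reachable from {r.source_cidr}"))
        else:
            findings.append(("CRITICAL", r.resource,
                             f"{service} open to {r.source_cidr} with no authentication"))
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f[0]], f[1]))


def new_resources(baseline, current):
    """Resources present now but absent from the last snapshot: the 'newly created
    server resources' the checklist says your team should be notified about."""
    return sorted({r.resource for r in current} - {r.resource for r in baseline})


# Constructed sample inventory: yesterday's snapshot and today's.
BASELINE = [
    Rule("web-lb", 443, "0.0.0.0/0", True),             # public HTTPS, expected
    Rule("bastion", 22, "203.0.113.0/24", True),         # SSH from office range only
    Rule("mongo-marketing", 27017, "10.0.0.0/16", True), # database reachable from VPC only
]
CURRENT = BASELINE + [
    Rule("k8s-console-prod", 8443, "0.0.0.0/0", False),  # the Tesla-style mistake
    Rule("mongo-marketing", 27017, "0.0.0.0/0", False),  # database exposed overnight
]

if __name__ == "__main__":
    for sev, res, msg in audit_rules(CURRENT):
        print(f"[{sev}] {res}: {msg}")
    print("new since baseline:", new_resources(BASELINE, CURRENT))
```

Run on a schedule against a real rule export, the two functions give you both the exposure findings and the drift alert the checklist calls for.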
In this article, we've covered some of the most relevant data security concerns for 2020 and beyond. What's important to remember is that data security and hacking concerns are constantly in flux. As soon as you shore up one vulnerability, hackers will find another. Ultimately, data security trends require constant monitoring so you can swiftly respond to new threats and compliance standards.
Xplenty: Data Integration With the Highest Level of Security
Xplenty is a powerful, easy-to-use data integration platform that extracts, transforms, and can load data into databases, file and object storage, and Salesforce in addition to data warehouses. Keeping Xplenty secure is our number one priority. That's why we offer the highest level of security and compliance for all of our ETL data integrations, such as:
- SSL/TLS encryption on all our websites and micro-services
- Encryption of sensitive data anytime it's “at rest” in the Xplenty platform using industry-standard encryption.
- Constant verification of our security certificates and encryption algorithms
- Physical infrastructure hosted by accredited Amazon Web Service (AWS) technology
- Advanced preparations to meet the EU General Data Protection Regulation (GDPR) standards
- Operating system access limited to Xplenty staff and requiring username and key authentication.
- Firewalls that restrict access to systems from external networks and between systems internally
- A wide array of other security measures.
Keeping your data secure is one of the most important things we do at Xplenty. If you'd like to know more about our data security standards, please contact the Xplenty team.