The past few months have been full of news coverage around data breaches and the need for data awareness. From hospitals to universities to children’s toys, data attacks are coming full force, and IT pros …
Moving on from major security breaches of 2015
When personal information is stolen during a data breach, how should the affected organization – and its customers – gauge the severity of the exposure? By the sheer amount of data kidnapped from its owners, the contents of the compromised files, the number of people affected, the money spent recovering from the situation or the resulting damage to your brand’s integrity?
The answer is a complex one – it depends entirely on the company, and each of the above factors plays a role. 2015 saw the growing trend of high-profile data breaches and security attacks reach new organizations, new markets and new heights. The only way to turn the tide and work toward a more secure future in 2016 is to carefully examine these incidents and determine what can be learned from them. Below are some of the top breaches that rocked the security landscape in the past year, and takeaways from each that can help protect your sensitive data and your business:
5. VTech
- The incident: When a hacker gained access to the customer database for VTech, a manufacturer of children’s toys, he was able to remove files containing personally identifiable information for nearly 5 million of the company’s customers – and 6.3 million of their children, as reported by Network World. Beyond names and passwords, the breach exposed chat records, photos and audio captured by VTech devices.
- The lesson: Sensitive data exists in more forms than you may think, depending on your industry. Identifying critical elements within your company’s data stores can help protect the information that matters to your customers and your business.
4. Securus Technologies
- The incident: Securus Technologies, a provider of phone services for prison inmates, suffered a breach that compromised more than 70 million phone records collected between 2011 and 2014. When the issue made headlines, it sparked conversations about how correctional facilities handle confidentiality, human rights issues and violations of attorney-client privilege.
- The lesson: The effects of a data breach can’t be quantified in time and budget alone; exposing sensitive data can seriously harm your company’s reputation. Regularly checking your data for compliance with internal and external standards can help ensure that you’re not harboring information that might surprise even your executive team.
3. U.S. Office of Personnel Management
- The incident: More than 30 years’ worth of data from security clearances and background checks from millions of former and current government workers were lost in a long-running security breach. Given the depth of the data collected and the nature of the industry, the stolen data created a national security risk.
- The lesson: Files taken in the data breach were seized in repeat intrusions that occurred over multiple months. Most organizations have already suffered a data breach; for many, identifying the issue is a matter of time. Taking ongoing snapshots of your data and monitoring file activity can help quickly identify data exposure, track an intruder’s path and recover lost information.
2. U.S. Internal Revenue Service
- The incident: Tax information belonging to more than 300,000 people was compromised when hackers were able to guess the answers to security questions in the IRS’ “Get Transcript” online service.
- The lesson: Traditional security measures, such as multi-factor authentication, can no longer sufficiently protect data. To secure sensitive information, organizations need complete visibility into their storage.
1. Anthem Health Insurance
- The incident: One-third of Americans were affected when nearly 100 million personal records were exposed in the Anthem Health Insurance breach. The data stolen was not encrypted, and contained enough personal information about individuals to steal identities. In addition to Anthem, healthcare firms including Premera BlueCross, UCLA Health and more suffered data breaches that exposed customer information in 2015.
- The lesson: As CEO Paula Long wrote in her response to the Anthem attack, the most effective way to consider a data breach is to compare it to a physical robbery. Even though it takes place virtually, data theft involves a break-in, time spent poking around, and finally, a heist. As data thieves continue to evolve and find new strategies for stealing information in the coming year, security and IT pros need to employ a multi-pronged approach to security: requiring proper credentials, preventing network access, moving sensitive data to secure locations, using alerts to notify the teams about access changes made to sensitive information, and performing full data forensics at the storage level to track the path of data access and audit trails.