It's hard to ignore the frequency with which major corporations seem to be victims of targeted data breaches.
Yahoo Inc. recently confirmed over 500 million accounts were compromised in an attack from 2012, marking one of the largest intrusions of a business network to date. When Sony Pictures was infiltrated in 2014, about 100 terabytes of data and information were exposed, including the Social Security numbers of staff members. Last year, the U.S. Office of Personnel Management (OPM) had at least 18 million records stolen.
LinkedIn (117 million accounts), Dropbox (about 69 million) and LastPass (7 million) are just a few other examples of companies that have suffered recent data breaches in which hackers stole information - often data that was later sold on the dark web.
It's important to understand, though, that an organization does not need to be of this size or magnitude to be a target of cybercriminals or fall victim to a data breach. No one is immune to these calculated attacks - so if this isn't already a concern for your company, it should be.
Data breach severity snapshot
The severity of data breaches is tremendous and can impact a company's reputation, revenue streams, customer loyalty and privacy. To get a better idea of just how frequent, damaging and expensive these attacks can be, consider some of the following data breach statistics gathered by the ITC, Breach Level Index, Verizon and IBM:
- In 2016 alone, there have been nearly 800 total data breaches and almost 90 percent were motivated by espionage or financial gain.
- Since 2013, more than 5 billion records have been lost or stolen.
- On average, the total cost of a data breach is $4 million, marking an almost 30 percent increase since 2013.
- Every hour, nearly 160,000 data records are lost or stolen.
- Per record lost, the average cost is $153.
- In more than 80 percent of security incidents, it only took minutes to penetrate the network.
- There is a 24 percent chance that your company will be affected by a breach within the next two years.
Something the Yahoo, LinkedIn and a handful of other high-profile breaches have in common is that the companies - and their customers - weren't aware of the full scope of the damage until years after the initial breach occurred. There is one silver lining to these massive security disruptions of major organizations: They present the opportunity to learn why and how they happened, acting as guidance for other businesses to avoid the same fate.
Understanding and preventing attacks
While some security incidents can be attributed to human error, most are caused by phishing schemes, hacking or malware. To defend networks and critical infrastructures against these threats, information security training and awareness must be a priority. Hacker capabilities and tactics are continuously evolving and advancing - and the only way to mitigate the risk they pose is to adopt a responsive, aggressive and offensive approach to security.