In 2011, the SEC published a set of recommendations relating to the disclosure of an organization’s cybersecurity risks and cyber incidents. In this document the SEC stated, “registrants should review, on an ongoing basis, the adequacy of their disclosure relating to cybersecurity risks and cyber incidents” and went on to describe existing disclosure obligations such as risk factors, description of business, and financial statement disclosures where cyber risks and incidents would often need to be discussed.
Late last week, Equifax – one of the four largest credit reporting bureaus in the United States – disclosed that in July, they experienced a massive data breach that could very well represent the largest compromise of significant personally-identifiable information (PII) ever. As reported by the company, data on over 143 million people was compromised, and the scope of that data included some of the most sensitive data that exists regarding individuals: names, addresses, birth dates, and Social Security numbers were captured, along with credit card numbers and other PII for a subset of those persons whose data was breached. Equifax disclosed that the compromised data included residents not only of the United States, but also Canada and the UK.
Retailers are some of the most vulnerable organizations when it comes to data breaches. Due to the fact that these companies have to process enormous amounts of customer financial information, it simply makes sense that hackers would do everything they can to get past cybersecurity defenses.
Outside of the fact that a significant cyberattack will forever change how customers view your company, these incidents generally have significant financial fallout. To that end, what can a retailer expect to deal with when they're the victim of a data breach?
Due to the fact that credit and debit card data can be used to anonymously purchase goods and transfer money online, this information has become highly sought after in the criminal underworld. Hackers are compensated generously for gaining access to these cards, and are therefore motivated to break into the systems that hold them.
But exactly how do these individuals go about getting a hold of this information? Let's dive in:
Data breaches are major events that place tremendous pressure on IT departments to rectify. Unfortunately, numerous case studies exist where companies have not only failed to prevent a cyber attack, but they've also struggled (at minimum) to mitigate the damage. The end result is often lost customers and a dented bottom line.
Why are Data Breaches on the Rise?
One reason data breaches are increasing is that there are more connected devices than ever. And that number is expected to rise.
Gartner predicted connected "things" would jump 30% between 2015 and 2016. Other experts agreed, such as Fortinet Global Security strategist Derek Manky and Morgan Stanley Chief Information Officer of Technology and Information Risk Matthew Chung.
Has your company's network been compromised? If you're not sure, you should know how to tell because it could prevent the loss of critical data.
While large and small companies may appear to be indestructible, they're always at the mercy of their IT security systems. When their networks are breached, cybercriminals can typically steal important data, such as a customer's personal and financial information, with ease. The end result is often damage to the company's bottom line because of lost customers.
But what if a company could prevent (or at least slow) these cyber attacks by not only building a robust IT defense system but also by knowing when a hacker is attacking? In this article we'll discuss how companies can tell when a cybercriminal is already in their network. In turn, this will allow IT teams to quickly react and avoid losing crucial data.
Each year companies lose millions of dollars because of data breaches. Not only do businesses lose money because cybercriminals steal critical data but also because these hackers cause often irreversible damage to the organization's reputation. In turn, these companies often struggle to retain and gain customers.
Many different types of IT criminals breach databases, which we'll discuss shortly, but it's critical to first understand what they're looking for and who they're attacking.
The Australian Red Cross is currently dealing with a massive IT security mishap that exposed thousands of Red Cross blood donors' personal information.
The IT leak didn't just reveal information such as names, telephone numbers, emails, addresses, and birth dates. It also disclosed blood type, records of previous donations, and donor eligibility data.
Troy Hunt, an IT security expert, first discovered the leak after someone contacted him and provided him with a snippet of data from donateblood.com.au that included his personal information. The person then gave Hunt the entire set of data (1.74 GB or 1,286,366 records). The information also included Hunt's wife's personal information.
IT security is one of a company's major lifelines. Data breaches alone cost companies nearly $160 per record, according to a 2016 Cost of Data Breach Study, and often hundreds if not thousands of pieces of data are stolen. The Trump Hotel Collection is facing the harsh reality of a data breach after it agreed to settle for $50,000 in penalties and improve its data security protocols after cybercriminals gained access to 70,000 credit card credentials, according to Computer World.
As a business owner, you need to take IT security seriously. Not doing so threatens your company's bottom line due to lost customers and revenue, and possibly its top officials, who may lose their jobs, which can destabilize departments.
As proof that IT security can cost your company a bundle of money, let's first examine data regarding how customers feel about and act towards companies that have been breached.