Whenever I talk about Cybersecurity, one of the questions I keep getting asked is just how bad have the attacks been this year so far? I am surprised by this; people normally do not seem to care what is going on until it impacts them.
I can tell you that last year was probably amongst the worst for Corporate America in terms of security breaches. For instance, there was the British Airways website hack, the Marriott Hotel Group hack, Target, etc., you name it.
In these instances, millions of Personal Identifiable Information (PII) records were stolen, and used for malicious purposes, such as conducting Identity Theft attacks. Probably the most sought-after records were credit card numbers, as well as the Social Security numbers that were tied to those accounts. So far to my knowledge, no victim has come out into the public, announcing just how bad these breaches affected them.
But the fines that were levied upon these organizations were made available to the public, and they were quite staggering: Hundreds of millions of dollars. Many of these penalties were brought on by the ramifications of the GDPR, as many of these US based businesses also have office affiliates in the European as well.
So, as we come to the midpoint of the 3rd quarter of 2019, just how bad has it been out there? There was a market research study that was conducted, called the “2019 MidYear Data Breach Quickview Report”. Here is what they found, which is just as equally startling:
*There were over 3,800 data breaches that occurred (an increase of 54% from 2018);
*Over 4.1 billion PII records were exposed to and hijacked by the Cyberattacker (an increase of 52% from the previous year);
*Here are the specific industries that were impacted by these security breaches:
*Corporate America accounted for 67%;
*The Healthcare Industry accounted for 14%;
*The Federal Government accounted for 12%;
*Education accounted for 7%.
*Just 8 security breaches accounted for the loss of 3.2 billion records;
*The use of the Internet and the Web accounted for almost 79% of the data loss;
*Traditional hacking, as well its variants, accounted for a total 82% of data loss;
*Surprisingly, in 70% of the security breaches that occurred, emails and passwords were the most sought-after target rather than financial information;
*One of the worst security breaches to occur so far in 2019 was the one that occurred at the American Collection Agency (AMCA). Just two weeks after they were hit, the company filed for bankruptcy.
My Thoughts on This
To be honest, I am not at all surprised these numbers. It seems to be on par as 2018, but one key difference I am finding is that many of these security breaches have started to occur more at the level of the medium sized business, rather than the Fortune 100 or even Fortune 200.
I say this because the Cyberattacker, once they make their impact, want to have those repercussions announced in the public, just because it is a rush to their ego knowing that they have hit a prized target. But I am not reading so much about that anymore in the news headlines; rather it seems like the lesser known businesses are being hit harder now.
Why is this the case? Well, it is quite likely that with the advent of GDPR, many of the Fortune 100 companies have taken the steps to further beef up their respective lines of defenses, so that they are not faced with the harsh, financial penalties.
In contrary, the medium sized businesses do not have as much of a budget to fortify their security posture; and, they are not bound to the rules and regulations that have been set forth by the GDPR.
Thus, they are now becoming a prime target. But resources are becoming available to the medium sized business, albeit at a slow pace. Much this is being done by the Trump Administration, which is granting access to Cybersecurity consultants at minimal or even no charge so that any unseen vulnerabilities or gaps can be patched up as quickly as possible.
So, the next question is, what will happen for the rest of 2019? This is difficult to answer. I thought that by now, there would be some large-scale attack, either on the Internet, and even our Critical Infrastructure. There have been isolated cases of these, such as in Baltimore, where the city was hit by a nasty Ransomware attack. I think even other states down in the southern region were impacted as well.
I keep on tab daily as to what is happening out there, and the headlines are typically the same, with Facebook leading the charge. Then there are those usual headlines where you read about how bad the Microsoft and Adobe patches are, which website has been, etc.
I pray that this does not every happen, but I can still see some kind of large-scale attack happening. It is not too far down the road. The Cyberattackers are getting more and more sophisticated, and it is even harder to detect them. Attacking the Internet is one thing (this is something that can be recovered from rather quickly), but attacks to our Critical Infrastructure remains very scary.
The primary reason for this is that much of this infrastructure has been built upon legacy systems, and still relies heavily upon them. Thus, for example, if our water supply lines were hit, it could take days or even weeks to come out of this, as the damaged parts were literally having to be rebuilt again.
There has been talk of even ripping out their old security systems and replacing it with older ones. But this won’t work either, and because of that, only additional security layers can be added onto these legacy systems.
We still have 4.5 more months before the year is over, let us pray that it goes by uneventfully. Finally, more details about this study can be seen at this link:https://pages.riskbasedsecurity.com/2019-midyear-data-breach-quickview-report?utm_campaign=Data%20Breach%20QuickView%20Report&utm_medium=email&_hsenc=p2ANqtz-9jDmdX7ExNk739yvGU2p-zHpEmcnGEHxI4S-NRAf7YNndoktRg8s3K-TzxI3l3GKLocECTADWUaqPgAanhbJvZbGFsGw&_hsmi=75704751&utm_content=75704751&utm_source=hs_email&hsCtaTracking=dcee0acc-c885-4a34-84f5-effaa6434ce1%7Ccb959a9b-8f8a-4445-8abc-9194d581105c