The vast reach of today’s data breach

It seems like every month we hear about another data breach affecting companies big and small, public and private, young and seasoned. For many IT managers, CIOs, CSOs and CISOs, the news brings sweat to their foreheads. Individual information, medical records, financial data and company statistics are constantly at risk. Despite the significant amount of time, money and software employed to prevent a breach from happening, hackers and human error continue to plague businesses and their security.

Because information management is critically important to us all —as employees and consumers — the Identity Theft Resource Center (ITRC) has been tracking security breaches since 2005, looking for patterns, new trends and any information to better help us to educate consumers and businesses on the need for understanding the value of protecting personal identifying information. In its annual report summarizing occurrences in 2015, ITRC noted that breaches are impacting every sector, but most notably healthcare, general business and government.

In 2015, 781 breaches were tracked. However, this is truly only a snapshot of what’s actually occurring, given that only a fraction of breaches are ever reported. Of these breaches, approximately 170 million records were known to have been exposed. Note that the ITRC currently tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure and Physical Theft. It also tracks four types of information compromised: Social Security number, credit/debit card number, email/password/username and protected health information (PHI).

Though breaches may differ by what happens and what data is exposed, what they all have in common is they usually contain personal identifying information (PII) in a format easily read by thieves, in other words, not encrypted. What’s most troubling is that the effects of a data breach are enormous. In fact, according to a 2015 study conducted by IBM, the average consolidated total cost of a data breach is $3.8 million, representing a 23% increase since 2013. The study also reports that the cost incurred for each lost or stolen record containing sensitive and confidential information increased six percent from a consolidated average of $145 to $154.

At TechOrchard, we constantly see inadequate security and compliance policies within companies in every industry. Yet for various reasons, key stakeholders (usually outside of IT) don’t recognize the inherent risk. At stake are the company’s reputation, financial standing and possibly even licensing to do business, as well as its relationships with individuals who are critical to the continued success of the organization. Isn’t that enough to make you take a second look and evaluate the potential for “what ifs” in your future?

Gambling in Las Vegas is one thing; gambling with customer, patient and employee data is very different. If you haven’t already, NOW is the time to make plans to secure important data, especially on mobile devices. Let us know if we can help.