The World Wide Web, or the internet as it is widely known, is an absolutely indispensable tool for any organization, institution or even individual that needs to conduct business today. Every sector from finance to academia depends on it. In fact, it is almost impossible to run a business with any success without it, or even to conduct most transactions that are unrelated to business. The reason is that everything is more efficient online. Businesses have always required some form of communication, marketing and data storage. Back in the day when classic systems were used, data was of course stored physically as opposed to digitally. It was stored in paper files, communications were limited to a corded telephone, and marketing was fed through physical means such as newspapers, billboards and word-of-mouth (although the latter still stands today and will stand indefinitely as the ultimate marketing method).
The internet only arrived much later, throughout the late 90s and 2000s, and it definitely transformed the depth, breadth and speed of what businesses do and how they conduct their business. The internet transformed the entire industry and world economies, in fact. With this utopia, though, come problems. A cyberattack is what criminals partake in online. The problem is that a lot of this cybercrime is taking place, and as a result cyberattack incidents have become commonplace on the internet. These issues are stifling the progress and success of the majority of businesses that have no cybersecurity plan in place. Cybercriminals are waging a war of attrition against the internet, meaning that it is a very high priority for the business sector to focus on cybersecurity hygiene and a well-thought-out company cybersecurity strategy.
What exactly are these cybersecurity incidents that are causing disruptions in IT and business circles? To address this popular question it is necessary to explore several factors, chief among which are cybercrimes that result in ransomware or data breaches in the workplace. Mentioning the business sector and data breaches in the same sentence will raise a lot of eyebrows in any business environment today. Data breaches have been plaguing organizations in some shape or form since the 2000s, but are a completely different, adaptable beast nowadays.
What is a Data Breach?
A data breach is a cybersecurity term that defines an unauthorized or otherwise illegal security breach conducted on a company's data (or an individual's data). It is an incident where encrypted, sensitive or confidential data is accessed, stolen or disrupted by an individual or a group of cybercriminals (malicious hackers). Examples of the data that can fall victim to a data breach include financial information, health information, confidential trade secrets and even intellectual property. Data breaches can either be concentrated on one organization's network, or can be widespread, leading to unauthorized access to hundreds of millions of files and documents. Data breach laws cover what is called PII, or Personally Identifiable Information, and there are several data protection laws in place now, most notably in the U.S. and EU (CalOPPA, CCPA, Washington Privacy Act, GDPR, and European Data Protection Supervisor services respectively). There are also other rules that focus on financial information, such as the PCI Security Standard. These laws are still being developed around the world, and try to cover everything from personal information to business information integrity. Unfortunately, though, data protection is not a unified practice in the world, and most countries have no laws at all regarding this. For example, in the U.S. the regulations vary from state to state, whereas in the EU the approach is more centralized and stricter altogether.
What is Cybersecurity?
Describing cybersecurity in the fewest words would be something like this: defense against internet incidents. However, cybersecurity is a very wide concept with a lot of sub-topics. The need for proprietary 'cybersec' only appeared about a decade and a half ago, when cybercrime really started ramping up. Most people are familiar with firewalls and antivirus programs, and VPNs (Virtual Private Networks) are now extremely popular. All of these factor into cybersecurity. Individual privacy protections, just like the security of data, also factor into cybersecurity.
Types of Cybersecurity Incidents Affecting Businesses
Nowadays data breaches are much more of a real-world issue, in that the consequences of a data breach can affect the functioning and fate of a business. As soon as sensitive data can be viewed, stolen or manipulated, the individual is at real-world risk. Data breaches are especially common due to the advancement of factors such as cloud computing technology (digital storage), where mass amounts of information are stored today. If a financial institution is breached, all of its customer information is at risk. Likewise, if a cybercriminal manages to breach a medical institution, the health of the patients is directly at risk. This can be taken up a notch: if government data is breached (like in the recent SolarWinds attack), cybercriminals can gain access to, steal from or conduct fraud on hundreds of millions of people, as well as put national defense at risk. Cybersecurity incidents in the form of data breaches that take place today include:
- Malware injections
- Ransomware attacks
- Phishing or spear-phishing scams
- DoS or DDoS brute force cyberattacks
Data breaches have led to damage in the trillion-dollar range so far. Just a few recent examples are the Microsoft database breach that exposed 280 million customer records, the MGM Resorts breach that led to hackers stealing hotel customer information, and the Zoom teleconferencing data breach that exposed over half a million accounts. There are several more, such as the California DMV breaches, and social media breaches such as when over 200 million YouTube, Instagram and TikTok user profiles were exposed.
Mitigating Cyber Attacks in The Workplace
Earlier, data protection and privacy laws were mentioned. It is important to understand that these laws only serve as a guideline for handling data. They can provide a framework that organizations must follow, but they do not prevent data breaches from happening at all. Beyond regulations, there are certain steps and strategies for good cybersecurity hygiene that businesses need to apply in order to sustain their existence today and in the future. First, the statistics about data breaches that businesses should know:
- Over 70% of data breaches are geared towards profit
- Over 30% of larger breaches were from an organized crime group
- Almost 5,000 websites per month are compromised with malicious code
- Critical data breaches have increased by 50% since 2010
- 'Mega breaches' are on a steep incline
- A cyberattack takes place every 39 seconds
- 30% of breaches are internal
- 23% of data breaches are caused by human error
- Cybercrime is going to cost $10.5 trillion annually by the year 2025
- Cloud vendor breaches are going to expose the largest amount of sensitive information
Perhaps the most important statistic of all is that in 2019 the World Economic Forum considered cyberattacks one of the top five risks to global stability. Finally, in order to 'mitigate' or remedy cybersecurity issues, businesses must take the following steps:
- Conduct regular audits of all systems, assets, and employee devices
- Enforce tight access control, for authorized users only
- Keep all software in use updated
- Instate mobile device management for employee devices
- Consolidate the strength of credentials with methods such as MFA
- Include employee cybersecurity education and training programs
- Use good backup practices, such as off-site and encrypted cloud storage