Data breaches are on the rise – it’s a fact. In times like these, it’s important to ask yourself – are you being vigilant? And crucially, are you in the know?
The following statistics have been taken from the recent 2019 Verizon Data Breach Investigations Report and identify those behind the breaches, as well as the victims. The report looked at 41,686 security incidents, of which 2,013 were confirmed data breaches.
Looking at the victim demographics and industry analysis specifically, of the 20 industries covered in the report, only the Public Sector ranked higher than Healthcare and Finance for the number of known recorded breaches…
- 16% were breaches of Public Sector entities
- 15% were breaches involving Healthcare organisations
- 10% were breaches of the Financial industry
These industries remain in the top three for victims affected, and unsurprisingly, are the three industries that hold the most PII (personally identifiable information) and sensitive consumer data. Indeed, according to the report, internal data, credentials and personal information ranked highest in the top data varieties compromised in breaches.
Healthcare organisations specifically carry huge amounts of PHI (protected healthcare information), that if found its way into the wrong hands, could be detrimental for all involved. According to HIPAA Journal’s April 2019 Healthcare Data Breach Report, April was the worst month for healthcare data breaches since reports began back in October 2009. For example, Gulf Coast Pain Consultants, LLC d/b/a Clearway Pain Solutions Institute recently announced that their Electronic Medical Record System was accessed without authorisation, exposing approximately 35,000 records of patient data which included social security numbers and insurance information.
So who is responsible? The report identifies that outsiders remain the principal threat through use of hacking and malware, among others. But crucially, privilege abuse and data mishandling still rank highly in the top misuse varieties in breaches…
- 69% perpetrated by outsiders
- 34% involved internal actors
- 15% were misuse by authorised users
From the figures above, it is clear to see that insider threat is proportionate to that of outsiders, and not something to be ignored. Recent reports suggest that long before Facebook, Twitter and Instagram, Myspace employees were abusing their access rights by using a specific tool to spy on its users. And just the other month it was announced that Snapchat employees had been doing the same to access location information, saved Snaps, phone numbers and email addresses.
The importance of being vigilant
It’s important to recognise that when breaches occur, sometimes they can lie unnoticed for a substantial amount of time. Verizon’s report highlights that 56% of breaches took months or longer to discover; something to make you think given recent changes in global data protection regulations. The result of discrepancies such as this can lead to potentially devastating fines and irreparable reputational damage for your organisation, among other detrimental consequences.
It’s crucial to get employees on side and playing a part of the security team within the organisation, as they really are one of the greatest assets in the security ecosystem. This “security first” mentality in users helps with practising good vigilance: being aware of potentially suspicious behaviour, as well as handling sensitive data responsibly.
Alongside vigilant staff, data classification software can also play a crucial part in preventing data breaches by improving user awareness and data control to protect business critical data, as well as offering built-in reporting tools such as Boldon James Classifier Reporting, to monitor and report on classification events, and the handling of classified data within the organisation.
For more information on how you can protect your organisation’s valuable data, and empower your users, get in touch with us today.