Strict Standards: Declaration of PLL_Walker_List::walk() should be compatible with Walker::walk($elements, $max_depth, ...$args) in /home/ms2006blogs/public_html/wp-content/plugins/ait-languages/include/switcher.php on line 225
Through the GRC Lens – August 2019 - MetricStream Blog

Through the GRC Lens – August 2019

Posted by

How safe is safe?

With more than 3800 incidents reported so far, 2019 is proving to be the record year for data breaches. Despite best efforts, best practices and increasing awareness, these incidents continue to occur at an alarming rate.. 

2019: A record year for data breaches

According to the 2019 Midyear QuickView Data Breach Report, by RiskBased Security, “The first six months of 2019 have seen more than 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records.” Healthcare services was the single highest affected industry with almost 32 million patient records compromised in the first half of 2019.

The report stated that, “the majority of breaches reported this year had a moderate to low severity score.” Data breach frequency and severity are increasing at an alarming rate, but while the big ones make it to the headlines, the smaller ones lose most of the money.

The Capital One Breach

In one of the worst data breaches in history, a hacker gained access to more than 100 million credit cards accounts and applications. The breach that happened in phases across March and April this year, only came to light this month, when someone warned a Capital One security hotline, that some of the bank’s data had appeared on a public GitHub page.

The hacker had managed to break into the Capital One server, gaining access to over 140,000 social security numbers, a million Canadian social insurance numbers, 80,000 bank account numbers and other confidential information like names, addresses, credit card scores and credit limits, claimed the bank and the US department of Justice.

According to CNN Business, ”The company expects to incur between $100 million and $150 million in costs related to the hack, including customer notifications, credit monitoring, tech costs and legal support due to the hack.”

Over 106 million people in the United States and Canada were affected. Capital One’s stock was down by 5% in premarket, right after the incident was brought to light.

An IBM study on data breaches, released last month, states, “The cost of a data breach has risen 12% over the past 5 years and now costs an average of $3.92 million…Companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue.”

Although the report states, “more and more sensitive data is exposed when insiders fail to properly handle or secure the information”, 89% of breaches have been a result of outside attacks. “149 of the 3,813 incidents reported this year,” the report found, involved misconfigured databases and services”. The report also warned against handing over sensitive information to third party vendors.

In conclusion…

Customer trust and data privacy are constantly being eroded, even by large multi-billion-dollar organizations. The stakes are always high and the frequency of data breaches being uncovered serve as a grim reality check to businesses to implement cyber strategies to stay protected.

For the past 14 years, the Ponemon Institute has examined factors that increase or reduce the cost of a breach and has found that the speed and efficiency at which a company responds to a breach has a significant impact on the overall cost…Extensive use of encryption was also a top cost saving factor, reducing the total cost of a breach by $360,000, says IBM.

As cyberattacks get more and more sophisticated, it’s imperative for CISOs and CIOs to stay proactive and build agile GRC strategies to monitor, analyze, predict, manage, and mitigate risks. The use of siloed systems and manual processes create vulnerabilities. Organizations need more than ever to implement new cyber-resilient strategies to protect and secure their data.

Leave a Reply

Your email address will not be published. Required fields are marked *