Data Breaches: The 411

Maggie Newberg // January 2018

According to a 2017 IBM-sponsored global study (the Ponemon Institute's Cost of Data Breach Study), an organization faces roughly a one-in-four chance of suffering a material data breach over a two-year period. The same study put the average total cost of a breach at $3.6 million, or about $141 for each lost or stolen record containing personal information.

With millions of dollars at stake, and an enormous amount of personal and private information flowing through the web, it should come as no surprise that data breaches and web security are a hot topic. Because security plays such a large role in the websites and applications we use every day, it is worth knowing the gist of what a data breach is, how breaches affect organizations, and what can be done to prevent them.

What is a data breach?

A data breach is an incident in which protected information (customer records, credentials, internal files) is accessed, copied or disclosed by someone who is not authorized to see it. It usually begins with an intrusion: an attacker reaches one of a website's points of entry, such as a login form, an API, an administrative interface or an exposed server, either directly or through an unwitting third party such as a compromised hosting account or contractor login.

Getting into a site and doing damage are not the same thing. Penetration testers are paid to find their way into websites, with the owner's permission, so that the weaknesses they find can be reported and fixed; that is an authorized test, not a breach. An unauthorized intrusion, on the other hand, is almost always the prelude to something worse, because the main reason an uninvited visitor wants access is to exploit it: to steal data, plant malware, or use the site as a stepping stone into the rest of the organization.

Breaches happen in a handful of recurring ways. The most common are exposed or unmonitored network services (open ports that nobody is watching), vulnerable application code (the injection, broken authentication and access-control flaws catalogued in the OWASP Top 10), out-of-date software that is missing security patches, and improper disposal of hardware that still holds data, such as unwiped disks in decommissioned servers or laptops. Whenever one of these conditions exists, the website, and the data it collects, is at risk of exploitation.
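To make "poorly written software code" concrete, here is the single most common web-application flaw behind stolen records, SQL injection, shown as a login lookup written two ways. This is an added example and not code from the original article or from Isovera; it uses an in-memory SQLite database with constructed sample users, and the table name, usernames, password hashes and the `ssn` column are assumptions for illustration only.

```python
"""SQL injection: a login query built by string concatenation is bypassed,
while the same query written with bound parameters is not.

Added example, not the article's or Isovera's code. The users table, the
two sample accounts and the SSN column are constructed for illustration.
"""
import hashlib
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway database holding two constructed user records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, ssn TEXT)")
    rows = [
        ("alice", hashlib.sha256(b"alice-secret").hexdigest(), "123-45-6789"),
        ("bob", hashlib.sha256(b"bob-secret").hexdigest(), "987-65-4321"),
    ]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return conn


def _hash(password: str) -> str:
    # Plain SHA-256 keeps the example short; real password storage should use
    # a salted, deliberately slow hash (bcrypt, scrypt or Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def fetch_record_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The 'before': attacker-controlled text is pasted straight into the SQL.

    A username of   x' OR 1=1 --   closes the string literal, adds a condition
    that is always true, and comments out the password check, so the query
    returns every row in the table instead of at most the caller's own.
    """
    query = (
        "SELECT username, ssn FROM users WHERE username = '" + username
        + "' AND pw_hash = '" + _hash(password) + "'"
    )
    return conn.execute(query).fetchall()


def fetch_record_safe(conn: sqlite3.Connection, username: str, password: str):
    """The fix: the database driver binds the values as data, never as SQL,
    so the same payload is simply a username that matches nobody."""
    return conn.execute(
        "SELECT username, ssn FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR 1=1 --"
    print("legitimate login, vulnerable code:", fetch_record_vulnerable(db, "alice", "alice-secret"))
    print("injected login,  vulnerable code:", fetch_record_vulnerable(db, payload, "anything"))
    print("injected login,  parameterized  :", fetch_record_safe(db, payload, "anything"))
```

The vulnerable function returns both users' records for the injected username without any valid password; the parameterized version returns an empty result for the same input and still works for a genuine login. Parameterized queries (or an ORM that uses them) are the fix; escaping or filtering the input by hand is not a substitute.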

How do data breaches affect me and my organization?

Data breaches affect organizations because of the costs of preventing them and the costs of dealing with the aftermath: investigation, notification, legal fees, regulatory penalties and lost business. For a business in the USA, the same 2017 study put the average cost of a data breach at $7.35 million (over double the global average), with an average cost of $225 per compromised personal information record.

Those costs drive a large industry. According to Forbes, “the global cybersecurity market reached $75 billion for 2015 and is expected to hit $170 billion in 2020”. You might think that cybersecurity costs so much because companies pay premiums to feel safe, but the reason they are willing to pay top dollar is simpler: without that spending, the breaches they would suffer would cost them even more than $75 billion or $170 billion in total.

Unfortunately, the direct monetary losses are not the only hit an organization takes from a data breach. It also loses control of personal information, anything from internal data (personnel files, financial records) to client records (addresses, social security numbers, credit card numbers, even psychiatric records). And it stands to lose consumer trust and, ultimately, brand reputation. Because brand reputation is one of the largest assets an organization has, it is very important to keep that reputation clean and positive rather than untrustworthy or unsafe.

How can I prevent data breaches?

While data breaches can be extremely dangerous and costly, there are a number of ways to protect a website from being breached. Preventive measures include keeping server and application configuration hardened and regularly reviewed, setting up firewalls, writing secure code (validating input, using parameterized database queries, keeping secrets out of the code base), and enforcing access control so that users can only reach the pages and data they are entitled to.

Other measures are about detection and repair: running security tests, applying security patches promptly, and taking advantage of tools such as site security audits. A site security audit is a series of tests and assessments used to evaluate the security and health of a website. Audits identify gaps in security and provide recommendations for closing those gaps and improving overall site security.

Audits usually entail elements such as:

  • Test running: checks that the site is secure and that its existing security controls actually work as intended
  • Security checkpoints: analyzes the key components of the website (login, forms, file uploads, admin pages, third-party modules) that are especially vulnerable to breaches
  • Industry standard benchmarking: compares the key results of the audit against recognized standards of site security, such as the OWASP guidance
  • Inventory of data collected: identifies internal data storage systems and evaluates them for compliance with federal and state data storage regulations, especially where personally identifiable information is held
  • Recommendations: outlines best practices and suggests the next steps to take in order to reach a more secure site
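One small, concrete piece of the "test running" and "benchmarking" steps above is checking the HTTP response headers a site sends back, which is something any site audit does and which can be scripted. The following checker is an added example, not a tool from the original article or from Isovera. It runs over constructed sample responses (no network access), and its thresholds follow common OWASP header recommendations; the two header sets at the bottom are invented for illustration, and a single Set-Cookie header is assumed for simplicity.

```python
"""Audit a web response's security headers and report findings.

Added example, not the article's or Isovera's code. The WEAK and HARDENED
header sets are constructed samples; thresholds follow common OWASP advice.
"""
import re

ONE_YEAR = 31536000  # seconds; the usual minimum max-age for HSTS


def audit_headers(headers: dict) -> list:
    """Return a list of findings for one response; an empty list means every
    check passed. Header names are matched case-insensitively, as HTTP requires."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # 1. HSTS: without it, browsers may keep talking plain HTTP to the site.
    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts)
    if not m:
        findings.append("missing Strict-Transport-Security")
    elif int(m.group(1)) < ONE_YEAR:
        findings.append(f"Strict-Transport-Security max-age={m.group(1)} is under one year")

    # 2. MIME sniffing: stops browsers treating uploaded files as scripts.
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # 3. Content Security Policy and clickjacking protection.
    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append("missing Content-Security-Policy")
    if "frame-ancestors" not in csp and "x-frame-options" not in h:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    # 4. Session cookie flags: parse the attributes after the name=value pair
    #    rather than searching the whole string, so a cookie value that happens
    #    to contain the word "secure" cannot fool the check.
    cookie = h.get("set-cookie", "")
    if cookie:
        attrs = {part.strip().split("=")[0].lower() for part in cookie.split(";")[1:]}
        if "secure" not in attrs:
            findings.append("cookie lacks the Secure flag")
        if "httponly" not in attrs:
            findings.append("cookie lacks the HttpOnly flag")

    # 5. Version disclosure: a version number in Server helps attackers match
    #    the site against known vulnerabilities in out-of-date software.
    server = h.get("server", "")
    if re.search(r"\d+\.\d+", server):
        findings.append(f"Server header leaks a version string: {server!r}")

    return findings


# Constructed sample responses (not captured from any real site).
WEAK = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "Content-Type": "text/html; charset=UTF-8",
    "Set-Cookie": "SESS1234=abc123; Path=/",
}

HARDENED = {
    "Server": "Apache",
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Set-Cookie": "SESS1234=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{label}: {len(audit_headers(hdrs))} finding(s)")
        for finding in audit_headers(hdrs):
            print("  -", finding)
```

Run against the weak sample it reports seven findings and against the hardened one none. The same function can be pointed at a real site by feeding it the headers from an HTTP client; the point of the audit is not the header list itself but comparing what the site actually sends with what the benchmark says it should.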

Site security audits are undertaken as a preventive step as well as to identify existing vulnerabilities. At Isovera, we perform audits to find and address site security issues, gauge and maintain the health of the site, and give clients (and us) peace of mind. Our team finds that prevention is the best “cure” when it comes to site security and a website's health.

If you’d like to learn more about site security or data breaches, we recommend checking out OWASP, a non-profit that focuses on improving software security; playing with the toggles on informationisbeautiful, a website that maps the world’s largest data breaches; or visiting our own site audit page.


Questions? Comments? Suggestions? Web security favorite tips? We’d love to hear what you have to say below!

Want to learn more?

At Isovera, we know that the “secret” to a safe and secure website is not only good design and development, but maintenance too. Our support and maintenance program helps us and our clients stay on top of the day-to-day upkeep of a website, from SSL certificates to module updates, security improvements, and more.


Maggie Newberg

Marketing Specialist

Working in marketing & dabbling in operations, I experience the best of both worlds by leading marketing campaigns, content initiatives, and conference sponsorships, as well as overseeing day-to-day activities such as time tracking management, invoicing, and corporate level communication.