Data Breaches: What to Know and How to Prepare for Future Attacks (HoganTaylor)

October 28, 2020 - HoganTaylor LLP

This is a thought leadership article by PrimeGlobal member firm HoganTaylor LLP which provides details on how to keep your firm safe from data breaches. 

Cyber-attacks are growing in complexity as well as quantity. By reviewing the data breaches that took place in 2019, we can gain some perspective on the impact that cyber-attacks and data breaches pose for 2020.

  • The average size of a data breach is 25,575 records. (IBM)
  • The average time to identify a service breach is 279 days. (IBM)
  • Inadvertent breaches from human error and system glitches were still the root cause for nearly half (49 percent) of data breaches. (IBM)
  • The average time to contain a data breach once identified is 73 days. (IBM)
  • In 2019, there was a 186% increase in the number of U.S. residents impacted by health data breaches. (Statista)
  • The average cost per record is $150. (IBM)

These statistics may seem alarming for 2019 given all of the technology and innovative ideas that have been proposed over the years. One might assume that in 2020 a company would be able to better protect the data of its customers. The truth is, while some companies go the extra mile to protect the data they are entrusted with, many fail to do the simplest things to protect that data. Additionally, we as consumers have no insight into this problem and have to blindly trust the companies with which we do business.

As recently as last week, Dickey’s BBQ Pit restaurant chain announced that they endured a data breach that was discovered this week but had been ongoing since July 2019. The attackers stole over 3 million customers’ credit card data over the course of just over a year without being detected. The restaurant firm wasn’t the one that discovered the breach. It was found by a cybersecurity firm that tracks financial fraud, which discovered that the one thing these cards had in common was that they had been used at Dickey’s BBQ Pit. If you have visited Dickey’s in the last 15 months, I would recommend that you review your credit and/or debit card statements to verify your information was not sold on the Dark Web.

We began the year with a 30 million credit card data breach from “Wawa”, an East Coast-based convenience store and gas station. Wawa discovered the breach in December of 2019 and determined that the bad actors had been collecting data for almost 10 months using malware which had infected in-store payment processing systems. The company said the malware first infected systems on March 4th, and by April 22nd most store systems, more than 850 in total, had been infected.

These two examples represent $4,950,000,000.00 in potential expenses for these organizations. The global average total cost of a data breach has increased to $3.92 million over the past six years. As cyber threats increase, and the cost of these breaches continues to grow, can your business afford to suffer a breach? What can be done to protect your assets? Is it enough to have a firewall and antivirus? Do you know how much a breach would cost your business or even if it could survive after a breach? Studies show that being prepared could significantly reduce an organization’s exposure and decrease the cost of a breach.

Gaining an understanding of your organization’s data along with knowing the threats that your organization faces will help immensely. The first step in protection is to classify the data in a way that provides a clear picture of the type of data you own. Classification allows you to develop a plan to prioritize the security controls needed to protect the data. Far too often this step is overlooked in the process. Also, developing an Incident Response Plan (IR Plan) that incorporates an Incident Response Team can reduce your exposure to a data breach. Holding Incident Response simulations will assist the team in developing the necessary skills to face the challenges that will arise during an actual breach.

Once you are able to put these steps in place, your organization will benefit greatly in terms of protection, and that will keep your data safe for the foreseeable future.

Content by:

HoganTaylor LLP

HoganTaylor LLP is one of the largest business advisory and public accounting firms in Oklahoma and Arkansas. The Firm has more than 300 employees and provides tax, assurance, risk, business advisory, accounting, technology and many specialty and industry-focused services. HoganTaylor is an independent member firm of PrimeGlobal, one of the five largest associations of independent accounting firms in the world.
