Last year 446.5 million records were exposed in data breaches in the U.S. alone. The internet is home to a vast amount of information. Consumers have an expectation that their personal data will remain secure and private. Companies that fail to allocate time and resources to understand cybersecurity put their customers’ sensitive data in danger. Gone are the days when cybersecurity was merely an IT problem; it is now an issue the entire business must address.
Data is the currency of the digital world. Access to consumer data allows companies to create successful products and personalized user experiences. The collection and storage of data, however, must be done carefully. There are currently over 1 billion websites on the Internet. Studies show that 30,000 websites are hacked every day. Storing large amounts of data makes your organization more attractive to hackers. Should a data breach occur, your organization will also be at risk for more severe liabilities.
“Securing your site is just like locking your doors at night. You don’t do it because you expect something bad to happen – you do it because if something did happen it would be devastating.” -GoDaddy
Organizations that collect too much consumer data are easy targets for hackers. To illustrate this, let’s look at some examples of large-scale breaches we’ve seen in recent years. Even the most established, well-known companies are vulnerable to hackers and cybersecurity breaches.
Equifax is a consumer credit reporting agency. The very nature of the company requires it to collect vast amounts of consumer data. This company would likely have access to its users’ names, email addresses, driver licenses, social security numbers and more.
In 2017, Equifax reported that it had experienced a cyberattack that affected the personal data of 145 million consumers. The company collected a high volume of personal information, making it a hacker’s jackpot. When a company stores this much data, it risks incurring hefty damages in the event of a security breach.
In 2018, Facebook announced that it too had suffered a breach that affected the personal data of 50 million users. Hackers were able to access the ‘View As’ feature on the social platform and essentially take control of users’ accounts. Lewis Henderson, VP Threat Intelligence at Glasswall Solutions, stated that “this security vulnerability points to an infrastructure flaw, namely that it was probably never designed to house this many subscribers.”
As the number of Facebook users grew, the platform’s security needs grew along with it. By failing to anticipate this growth, Facebook inadvertently created a weakness that hackers were able to exploit. Cybersecurity will always be a high priority issue. Growing companies must stay on top of continuously evolving security standards to ensure their system can operate seamlessly as they add users.
Timehop, a popular social media memory app, reported that its system was attacked and all 21 million users were affected. This app requires users to connect their Facebook, Instagram and/or Twitter accounts in order to create the digital memory. Hackers gained access to the mobile app through the company’s cloud computing system.
According to the company’s statement, the cloud account that was compromised was not secured with multi-factor authentication, creating a vulnerability. In the case of a breach, the use of multi-factor authentication could potentially mitigate the failure. The company stated on their blog, “the damage was limited because of our long-standing commitment to only use the data we absolutely need to provide our service.”
We have seen massive growth in terms of the generation and collection of consumer data over the years. The rapid pace and frequency at which this process occurs has created a need for regulations that will dictate how much and what types of data companies can collect.
While the list of security threats has grown in recent years, we have also seen the introduction of some privacy laws and regulations that aim to protect our personal data. One of these is the General Data Protection Regulation (GDPR). This regulation was put in place in the European Union but also protects the information of individuals outside of the EU.
The GDPR works to give people more control over their personal data while placing more accountability on the side of the data aggregators. Included in the GDPR is the right of erasure (formerly the right to be forgotten), which allows individuals to request personal data related to them be erased. The GDPR made waves in the cybersecurity landscape by introducing hefty penalties for companies who fail to secure their collected data. Larger measures such as the GDPR work to protect our personal information, but companies still need to make cybersecurity a top priority.
“Defenders need to think of everything, while attackers only need to find one small mistake.” -Lily Hay Newman, Security Columnist for Wired
Security breaches can take place for any number of reasons, but more often than not they are the result of human error or negligence. In the case of Equifax, hackers gained access through an Apache Struts (an open-source web application framework) vulnerability that the company had been made aware of prior to the breach. Had they updated their system in a timely manner, the information of millions would still be secured and the repercussions avoided.
The unfortunate truth is that these security breaches are largely inevitable. Given enough time and money, hackers can breach even the most sophisticated security. Just like with physical security, all we can aim to do with cybersecurity measures is raise the cost and inconvenience for the would-be hackers or thieves.
Hackers are growing more sophisticated and becoming more creative with their attacks, making it increasingly important to take preventative measures. Organizations that are proactive and cautious with their security practices can lessen the size and severity of any future breaches.
Cybersecurity Best Practices
Companies should ensure that they are implementing the latest encryption standard as part of their security practices. In the case of a security breach, hackers will not be able to access or make use of encrypted data. The standards for encryption are constantly evolving as computing power increases. What once would have taken years to crack can now be done in minutes, making it crucial for companies to keep up with encryption standards and best practices to avoid stolen encryption keys.
Secure Sockets Layer (SSL) is a standard security protocol for establishing encrypted links between a web server and a browser in online communication. The primary use of SSL is to keep sensitive information private and to ensure that only the intended recipient can access that information. The installation of an SSL certificate guarantees that the server you are connecting to is legitimate and secure.
Migrating your software from your own data center to a cloud service outsources much of the security to the provider. Hosting information on a cloud provider like AWS can help to protect against theft and data breaches. Cloud providers also handle software updates automatically, reducing the risk of vulnerabilities in outdated software. Cloud providers can spot and stop threats such as DDoS (Distributed Denial of Service) attacks before they do serious damage.
“As technology becomes more and more deeply integrated into our lives, we become more and more dependent on it. But this dependence makes us vulnerable if technology fails.” -Cesar Cerrudo, CTO of IOActive Labs
The repercussions of a data breach have a large span of influence. Data breaches can have a significant impact on an organization’s reputation. Studies show that up to a third of consumers will stop doing business with organizations after a breach.
When an organization fails to protect the data of its consumers, it results in a massive loss of trust. On top of any reputation damages that may occur, a single ransomware incident can cost a company more than $713,000.
Companies cannot ignore the issue of cybersecurity. As technology becomes more sophisticated, so too will hackers. Data breaches have steep financial and reputational consequences that drastically impact a company’s success. Taking the time to continuously ensure your website is secure will help prevent cyber attacks and uphold a positive reputation.