Although UK data centers ranked in the top ten for lowest risk according to the Data Centre Risk Index 2016 (DCRI), breaches affecting British citizens still made plenty of headlines in 2017.
As recently covered, cyber attacks are becoming the number one business risk. The reason? Too few businesses recognise data management as a priority. The pitfalls of this approach became clear last year, when enterprises, one after another, reported breaches of their security systems. Some of those breaches were scary, with sensitive data being compromised.
Judged by the severity of the unauthorized access, credit reporting agency Equifax is at the top of the table, with 143 million records breached in a series of coordinated identity theft attacks. Next is the National Health Service (NHS), with 26 million medical records exposed in the WannaCry ransomware attacks, which also severely disrupted the operation of 2,700 practices around the country.
The importance of continuous data protection
When coping with disasters that expose serious flaws in systems built by other people, businesses usually blame it all on a “bad year” rather than acknowledge that something could have been done differently. A similar narrative already surrounds the recent hacker attacks, and you might recall how businesses talked themselves through the 2008 economic crash. A “bad year” is a handy concept for dealing with failure, but it also gets in the way of learning from incidents such as data breaches.
According to statistics from the Breach Level Index, 214,399 records still fall into the wrong hands around the world every hour. But why wouldn’t they? As long as valuable data remains accessible on the internet, the hackers who prey on it will be around too. Learning about data protection is a serious obligation for any business that doesn’t want its reputation and the security of its data subjects compromised in easily avoidable data breaches.
The damaging result of data neglect
The results of data neglect are easy to predict, even if you lack up-to-date knowledge of malware. First things first, you risk losing your customers’ data or exposing it to a serious threat.
By failing to secure your infrastructure with the recommended software updates, not following the necessary maintenance routine, or postponing security controls such as penetration testing, you are breaking data protection rules, and that might cost your business serious money. How serious? That will depend on the regulations in your country, but under the GDPR fines range from €10 million or 2% of the annual global turnover of the previous year to €20 million or 4% of the annual turnover of the previous year, whichever is higher.
But fines are not the only costs organisations might have to cover. Restoring your computer infrastructure, or renting a workplace recovery site when your premises have been compromised, could also hurt your company’s budget. Not to mention paying compensation to all the data subjects affected by the breach whose personal information was not encrypted (only 4% of all data leaks since 2013 contained “safe” data).
With the cost of cybercrime projected to reach $2 trillion by 2019, paying a monthly fee for a service seems like a fair deal. Last, but not least, is business reputation. It might seem to you that only large banks, retailers and big corporations are targeted by hackers, since they get the most media attention. If you think that, you are already making complacent assumptions, which are the first symptoms of data neglect. Having a database is the first reason to stay alert.
Sourced by Kamilla Koronska