Recently we came across a website called Information is Beautiful, which visualises large data sets as interactive charts. One chart that caught our eye was ‘World’s Biggest Data Breaches’, which outlines the largest breaches of data since 2005. This visualisation really highlights the sheer number of breaches we’ve seen in recent years.
The frequency and severity of data breaches have helped make the word ‘hack’ an everyday term, whilst bringing the issue of cybersecurity to prominence, particularly across the US, the UK and mainland Europe. The average person is now aware of the potential threat of their data being illegally accessed online by anonymous third parties, who may steal personal information for a variety of nefarious uses. easyJet, Microsoft, Virgin Media, Capital One, Toyota and the Dutch government are just a handful of the many organisations breached over the last 24 months. With petabytes of personal, financial and medical information stored online, this is a worrying trend.
The age of the hacker
So why are these hacks happening so frequently? Large-scale breaches have occurred regularly since 2005, but it wasn’t until 2009 that they became as frequent as they are today. Since that date, breaches involving the theft of over 100 million records have taken place almost every year. Myspace, eBay, LinkedIn, Court Ventures and Heartland are just some of the biggest that spring to mind. But what caused this spike? Interestingly, Information is Beautiful allows you to filter the results to see the causes.
Accidental publication has been a major cause of data breaches among big names. Apple, Facebook and AOL are just three organisations that saw millions of confidential records released due to administrative errors. A similar number of breaches were due to configuration errors, including the mass breach of over 191 million records from the US voter database. Even more worrying is that poor security resulted in numerous data breaches affecting the IRS, Citigroup and Mozilla, putting huge amounts of data at risk. All that being said, the overwhelming majority of breaches are due to hacking.
Hackers are using more sophisticated methods and becoming more determined, putting organisations under greater pressure than ever. Sensitive information isn’t the only thing at risk, with a large breach having the potential to severely damage a company’s reputation. For these reasons, organisations have had to adapt and work harder to ensure data security. Businesses now need to work closely with their cloud hosting providers to make sure that all vulnerabilities are covered.
Cloud providers such as ViserHost now offer continuous support and advice on new threats and the actions needed to counter them, while also providing guidance to educate users on best practice. For example, simple measures such as adopting secure passwords (containing at least eight alphanumeric characters) can help protect data at the most basic level.
Online security can no longer simply react to data hacks – instead, it needs to protect data by anticipating threats. The changing nature of security breaches means that the battle will continue to rage on, but organisations can take steps to ensure they’re as prepared as they possibly can be.
Social engineering and human weaknesses
An increasingly important part of company cybersecurity is human vulnerability. Even when a company has the resources to maintain a watertight infrastructure with private networks and firewalls, its workforce represents a chink in the armour. With hackers employing increasingly sophisticated ‘social engineering’ tactics that involve manipulating an individual into giving up confidential data, well-meaning employees can unintentionally allow attackers through security defences. It’s easy for hackers to target social media accounts for information or send emails pretending to be an employee’s friend. Similarly, poor password security, ‘shoulder surfing’ or keylogging software loaded onto USB drives can pose other human threats to online security.
Have I been pwned?
To minimise these dangers, businesses should instruct their workforce on the importance of their role in company security, with communications and courses. Ensuring that all third-party apps are updated can also help prevent nefarious hackers from gaining access to your website. Useful resources such as the ‘Have I Been Pwned?’ website can also allow you to search across multiple data breaches to see if your email address has been compromised.
At ViserHost, we support our customers at every stage to maintain maximum levels of security within our fully penetration-tested CloudNX platform. This reliable infrastructure is housed at our own secure UK data centres, with security features such as firewalls and public networks ensuring you have everything you need to keep your data safe.