The year 2016 is turning out to be a record one for data breaches, and cybercrime won’t be slowing down any time soon. According to global digital security firm Gemalto, nearly five billion private records have been exposed globally since 2013. Data breaches were up 15% in the first half of 2016 compared to the prior six months.
Look at just a few of the data breaches from the second half of 2016, and the numbers demonstrate the overwhelming increase in cybercrime across numerous industries. In addition to the massive DDoS attack that crippled many popular sites on the Internet, which we covered in our October 25th Cyber Tuesday blog, 2016 has seen reports of some of largest data breaches in history. The Yahoo breach of 500 million users’ credentials went down as the biggest known invasion of one company’s computer network. FriendFinder Networks, Inc., recently suffered a massive breach of 412 million users’ information. San Francisco’s public rail system, Muni, was infected with Malware over the Thanksgiving weekend. While not as massive as the other breaches mentioned, it resulted in stolen data of employees and riders and also locked kiosks and computers, causing Muni to “provide” passengers with free rides, until the system went back online two days later.
This trend is further evidenced in the healthcare industry, with the HIPAA Journal reporting more healthcare data breaches have occurred this year than in the years from 2009 – 2013 combined. While the number of exposed patient records is significantly less in 2016 when compared to 2015, the number of breaches is on track to reach 300+ by year-end.
Even getting a snack or beverage is no longer immune from cybercrime. The Madison Square Garden Co. (MSG), owner of such iconic entertainment venues as Radio City Music Hall, Beacon Theater, The Chicago Theater and, of course, Madison Square Garden and The Theater at Madison Square Garden, fell victim to a data breach. If you purchased any food, beverages, or merchandise at Madison Square Garden Co. properties between November 9, 2015 and October 26, 2016, your credit card data may have been compromised. Criminals hacked into the MSG payment system and stole information including credit card numbers, cardholder names and expiration dates. MSG posted a breach notice on its website and stated the attack has been stopped and they’ve implement enhanced security measures. MSG became aware of the breach when payment card issuing banks noticed transactions indicating a security concern. MSG has yet to release the number of affected customers.
It has become widely accepted knowledge that no company is immune to a cyber breach, and there’s clear evidence that massive, sophisticated attacks will continue. It is more critical than ever that executive management get involved in cyber risk mitigation strategies, in order to safeguard their organizations. The C-suite as well as the board of directors must be educated on a company’s cyber-risk exposures (which can be achieved through a Risk Register). Executive management also needs to oversee the cyber security preparedness of the organization, and establish a team of representatives from various business departments (IT, Human Resources, Finance, Risk Management, etc.) that briefs them on the company’s risk and security protocols on a consistent basis.
Of course, the standards of IT best practices should also be adhered to. Some of which are:
- Patch operating systems/software and hardware firmware regularly
- Conduct cyber security staff awareness training
- Implement an incident response and disaster recovery plan
- Backup your data and test restoration processes
- Have an expert third party review your security practices and perform vulnerability testing
Organizations should also look to mitigate or transfer cyber risk with insurance coverage and carefully constructed vendor and independent contractor agreements.
Click here to request more information about The ALS Group or if you have questions regarding cyber risk mitigation strategies.
