There were 8.854 successful cyberattacks between January 1, 2005 and April 18, 2018. Unfortunately, cyberattacks are becoming increasingly complex, placing an even greater responsibility on businesses to develop effective cybersecurity practices to protect consumer data.
To learn more, check out the infographic below created by Ohio University’s Online Master of Business Analytics program.
Add This Infographic to Your Site
<p style="clear:both;margin-bottom:20px;"><a href="https://onlinemasters.ohio.edu/blog/essentials-for-protecting-consumer-data-in-the-big-data-era/" rel="noreferrer" target="_blank"><img src="https://s3.amazonaws.com/utep-uploads/wp-content/uploads/sparkle-box/2020/01/21130838/Essentials-for-Protecting-Consumer-Data-in-the-Big-Data-Era.png" alt="How business can protect their information from various forms of cyberattacks." style="max-width:100%;" /></a></p><p style="clear:both;margin-bottom:20px;"><a href="https://onlinemasters.ohio.edu" rel="noreferrer" target="_blank">Ohio University </a></p>
Cybersecurity in the Twenty-First Century
Businesses large and small spend millions of dollars to keep their networks secure. The damage caused by a data breach, however, far exceeds the cost of investment in data security.
The global cost of cybercrime is expected to reach $6 trillion by 2021. By 2024, it will reach $1 trillion. Unfortunately, just 38% of global organizations believe they’re capable of handling a complex cyberattack. From the perspective on an individual business, cyberattacks can be costly: In 2017, the average cost of a malware attack was $1.4 million.
Companies are also spending a lot of money to fight cybercrime. A 2017 PwC survey of 300 tech executives at U.S., UK, and Japanese companies found that while preparing for the EU’s General Data Protection Regulation (GDPR), 88% of companies spent more than $1 million, and 40% of companies spent over $10 million.
Studies on cybersecurity reveal some alarming data involving threats. For instance, just 25% of organizations have a dedicated security department, and small businesses are the targets in 43% of cyberattacks. When a data breach occurs, it’s usually detected about six months after it’s occurred. Despite this, 65% of companies have over 500 employees who have never changed their passwords.
In 2017, 61% of cyberattack victims were companies with fewer than 1,000 employees. These attacks are on the rise. Attacks on the Internet of Things (IoT) jumped by 600% and malware attacks targeting Macs increased by 80%. Most of these attacks were initiated with a phishing e-mail. Ransomware attacks are also increasing by 350% each year, a practice that costs businesses $5 million on average.
The damage caused by ransomware will reach $10 billion in 2019. Unfortunately, 30% of American open phishing e-mails and 95% of data breaches occur in part due to human error.
A Closer Look at Cyberattack Tactics
Hackers have a wide variety of tactics at their disposal. This means companies must pay close attention to network vulnerabilities and have procedures in place to prevent and respond to cyberattacks.
Common Types of Cyberattacks
One of the more common cyberattacks involves malware, a broad term encompassing agents like spyware, ransomware, viruses, and worms. Once malware penetrates a network vulnerability, it can block access within a network, install malicious software, and access hard drive data.
Another form of cyberattack is phishing, or fraudulent communications that are made to appear to come from a reputable source. Phishing works via an e-mail that’s sent with the goal of obtaining private information or the installation of malware on a specific device.
A third cyberattack, the man-in-the-middle (MITM) attack, is an eavesdropping attack where hackers intercept a two-party transaction and then filter and steal data. Once malware is installed on the victim’s device, hackers can then process all the victim’s information.
A denial-of-service (DOS) attack is another effective cyberattack. A DOS attack uses traffic to overpower a system, server, or network. It’s meant to exhaust resources and bandwidth. When multiple compromised devices are used to carry out the attack, it’s called a distributed denial of service (DDoS).
Another cyberattack is an SQL injection, which is an attack that forces a server to reveal confidential information. It works by inserting malicious code into a server. It can also be executed via submitting malicious code into a website search box.
Finally, a zero-day exploit is an attack that occurs after a vulnerability has been announced but before a solution is implemented. It works when attackers target the system or network through the vulnerability.
10 Steps for Protecting Consumer Data
The Federal Trade Commission (FTC) has developed 10 steps for businesses to protect their networks and safeguard sensitive data.
FTC Guidelines for Data Security
The FTC recommends the process starts with building security-driven limits on how much sensitive info is collected and disposing of obsolete financial data. It’s also vital to set sensible limits on employee and administrative access. Next, it’s crucial to require complex, unique passwords and implement unsuccessful login restrictions. The FTC also recommends storing sensitive personal information securely, protecting the information at every stage of its life cycle. Additionally, the use of firewalls and intrusion detection to segment and monitor your network is a vital step to take. It’s also critical to secure remote access to your network, limiting third-party access in the process. Another vital step is to apply sound security practices when developing new products. You should also ensure your service providers implement reasonable security measures. Additionally, you should put procedures in place to keep your security current, addressing vulnerabilities that may arise. Finally, you should always secure paper, physical media, and devices.
Data security is a fast-paced, evolving field that requires constant awareness and attention to vulnerabilities and advancements. To maintain consumer trust, businesses must prioritize data security and implement sound, secure business practices.