Five of the worst data breaches from recent years

When a business is hit by a data breach, there's often no telling just how significant the consequences will actually be.

The fallout from a breach could mean minor financial damage, as the company institutes new security systems and processes, and reimburses any affected customers, or a seriously tarnished reputation. After all, what customer will want to use services from a business they know isn't secure?

These breaches were ranked as a top issue of chief information officers in an NC State report from earlier this year, with 53 per cent of respondents stating that they were insufficiently prepared. This is clearly a concern for businesses, and understanding is the first step to preventing a breach from occurring.

Below, we'll take a look at five of the worst data breaches in the last few years.

Heartbleed

This was one of the biggest bugs in recent years, causing a substantial number of data breaches. It was revealed by security firm Codenomicon, after it had been operating for nearly two years.

According to TechRadar, this bug affected around 17 per cent of secure web servers on the internet, exposing sensitive data such as passwords.

Impacted companies included Amazon, Reddit and WordPress.

Target

Target is one of the biggest retail chains in the US, so any data breach is almost certainly going to be bad news for the company. It was hit at its point-of-sale terminals, which in turn impacted around 70 million shoppers. Information such as credit cards and customer names and addresses was stolen.

Target explained that while the issue was resolved soon after discovery, they continued to conduct an investigation to identify other potential impacts.

Epsilon

In 2011, a company called Epsilon was hit with a substantial data breach, one which exposed customer names and addresses thanks to the work of outside attackers. While no payment information or anything more sensitive was leaked, US$225 million in damages was eventually paid out.

Sony PlayStation

The final breach on the list is Sony PlayStation, with an attack that also happened in 2011. A massive 77 million users were affected by this breach, with the PlayStation Network having to be shut down for 23 days in response.

What's more, $171 million in damages was paid out.

Sony witnessed another fairly substantial breach at the end of 2014, when the film and television sector of the company was hacked.

Data breaches can often have serious consequences.

While IT security should rank as a top priority to mitigate the threat of data breaches, another necessary course of action is proper IT governance strategies. These can help to ensure that all staff responsible for the security of IT systems understand how to manage them correctly.

If you'd like to get your staff started with either IT security frameworks or an IT governance methodology, get in touch with ALC Training today.

With an SME cloud push comes a need for a security focus

Cloud technologies have quickly changed communications and information management across the globe, as data is now easily shared and accessed across any number of devices, and in any location with an internet connection.

SMEs have recognised the benefits of cloud technologies – and that's why they're starting to take to the online systems in droves. In fact, a new report from the Asia Cloud Computing Association (ACCA) found that small and medium-sized enterprises in the region are now the biggest IT spenders, with an increasing focus on new cloud, remote and virtualisation technologies.

As this cloud focus ramps up, however, SMEs will need to ensure that they're focused on keeping the systems (and data stored on them) absolutely secure through the right tools and architectures.

SMEs taking to the cloud

The ACCA report released earlier this year noted that SMEs in Asia spent around US $2 billion on cloud services in 2014, specifically in developed and emerging areas. What's more, the growth rate for these services stood at around 42 per cent.

Remote desktops were identified as a necessary area of focus, as they can support several trends. Once these cloud-hosted computers are set up, a business can have staff work off laptops at home, on cheaper, low-powered computers in the office or on devices at other office locations.

While these benefits could be applicable to any size business, the ACCA report noted that SMEs are taking to the systems in order to make money.

"This is a very different mentality from large corporates and it means that the messaging around cloud technologies and services for SMEs to date has been misplaced," ACCA explained.

"The initial attraction of cloud computing for the larger corporates lies in the cost savings and efficiencies it enables. But for SMEs it will be all about greater reach, greater speed, and greater flexibility in acquiring or serving a customer."

However, as this cloud push continues, it's going to be essential for SMEs in the region to place a high priority on security. Failure to do so could mean serious problems for businesses. 

A failure in cloud security could be disastrous.

The necessary precautions

Given that cloud technologies are still relatively new, there's uncertainty when it comes to security requirements. For example, the online systems are not completely secure against outside attacks, as unwitting staff could let an attacker onto a network.

A report from 2013 by Porticor found that in the midst of a substantial cloud push there was also a massive rise in cloud-based criminal activities.

These often include attackers outside the company gaining access to secure systems within the business, either through what's known as a cyberattack (conducted over a network) or manipulating employees (malicious emails and chat messages).

It can be next to impossible to identify when these attacks could occur, and that's why early preparation is so vital.

Cisco also noted the importance of cloud security, explaining that with the new technologies comes new security risk. The organisation explained that any cloud adoption depends on an appropriate security focus.

"To succeed with cloud computing, organisations must address cloud security concerns," Cisco noted.

To start taking security seriously, all business leaders should consider the benefits of upskilling staff. Through a variety of versatile frameworks such as ITIL and SABSA, it's easy for a business to ensure the security of online systems.

These mean that staff understand what can cause a security risk or breach, and they're constantly focused on preventing such events from occurring.

Speak to ALC Training today if you'd like to ensure that even in the midst of cloud migration, your staff know how to handle security.

Mobile on the up-and-up

Mobile technologies appear to be seeing substantial proliferation across the globe, as businesses race to take up the devices for everything from communications to remote working.

In fact, this year could see usage climb higher than ever before, thanks to growing device shipments and data traffic continuing to rise. Challenges remain, however.

Mobile growth is likely to take many businesses off guard – especially in areas such as security. It's crucial that, along with IT frameworks, companies put security methodologies in place.

Significant global device growth

Total worldwide device shipments, which include PCs, mobile phones and tablets, are estimated to hit 2.5 billion units this year, which is an increase from the 2.8 per cent seen in 2015.

Mobile phones alone are expected to reach 1.9 billion units this year, growing 3.5 per cent. Gartner noted that cheaper smartphones will continue to present attractive options for consumers and negate a need to increase device prices.

Smartphones are set to see growth thanks to the low-end.

Coupled with growing device usage will be a rise in mobile data traffic, according to a new report from Cisco. Traffic grew by 69 per cent in 2014 across the globe, and it's expected to increase tenfold by 2019, expanding at a compound annual growth rate of 57 per cent.

What's more, network speeds will also climb, making it easy for businesses to access the information required regardless of whether or not they're connected to WiFi networks.

The issue of security

Security is likely to remain a key issue in the near future as devices continue to grow in usage – and this needs to be addressed.

As with many new technologies, staff will be unfamiliar with the necessary security practices – which often include setting up passcodes, remote device wiping and even having IT departments manage the devices.

Failure to put security measures in place could lead to significant data breaches – in which valuable or sensitive information is exposed to parties outside the company.

As noted above, an ITIL certification from a training organisation can go a long way towards effectively managing new device trends – especially when it means a new way of working.

ITIL gives employees best-practice knowledge that can be utilised time and again across new IT projects, and even in other areas of the business. If you're interested in finding out more about ITIL, speak to ALC Training today.

Could engagement be a recipe for burnout?

For many business leaders, it's easy to define their engaged group of workers. These are the staff who always arrive early, remain productive and helpful throughout the working day and are ready to respond if an issue crops up – at night or even on weekends.

However, having workers switched on 24/7 may not be a recipe for productivity; it could be leading to burnout.

Author and founder of The Energy Project Tony Schwartz explained in a recent CEO.com article that while the common definition of engagement is the "willingness to invest discretionary effort at work", this could have less than desirable effects – certainly not the consistent high performance employers are after.

Mr Schwartz cited a 2012 engagement study conducted by consulting firm Towers Watson, which explained that traditional engagement is no longer the answer for high performance.

"Companies in which employees reported feeling well taken care of – including not working too many hours – had twice the operating profit margins of those with traditionally engaged employees, and three times the profit levels of those with the least engaged employees," Mr Schwartz said.

Of course, preventing burnout is not exactly an easy task – especially if the company has stringent targets and deadlines. This could be the implementation and management of a new IT security initiative, or any other large project. 

In a study published in the Journal of Paediatric Oncology Nursing at the end of 2013, mindfulness was assessed as a possible tool to reduce burnout in nurses and other medical professionals.

In effect, it means slowing employees down and keeping them relaxed – through use of a 'relaxation station' or another initiative.

The results found that such practices can be taught in the workplace and can prove useful as a component of a wider strategy to reduce burnout. These practices can also be applied to the wider workplace.

It's no secret that many modern workplaces are stressful environments – and there's a real danger of burnout if staff workloads aren't carefully managed.

Who can you trust? The growing threat of data breaches

Almost every business across the globe will understand the threat of a security breach – specifically one involving IT systems.

The loss of data as a result of these breaches is often not the biggest side effect, however, as a company will often struggle to reimburse customers impacted by the event and repair a damaged reputation.

A solution is required – but it's becoming more difficult for businesses to find one. Aside from the standard information security solutions, businesses need to address all potential attack vectors.

The threat landscape

At the end of 2014, Verizon Enterprise released a report detailing data breaches during the year. It surveyed 50 organisations across the globe and investigated over 63,000 security incidents, along with 1,367 confirmed data breaches.

The report serves to show the substantial array of attacks, and what businesses need to do. Here are just a few:

Miscellaneous errors: These are any mistakes that compromise security, whether it's sending confidential data to the wrong party or failing to destroy sensitive information after use.

Insider misuse: Something that's quite hard to deal with, but a danger nonetheless. Essentially, these are people within the organisation leaking sensitive data.

Web apps: Attackers using stolen credentials or even exploiting vulnerabilities to gain access to web applications, whether they're content management systems or related to e-commerce.

Businesses need to start thinking about cybersecurity.

As data security needs to be a top priority, every organisation needs to understand the possible threats. As noted above, loss of data could prove to be extremely damaging.

So what measures can be taken to ensure ongoing security?

Protective measures

It's important for businesses to look beyond software when implementing effective security. As can be seen with the attack vectors above, many can occur from within the business itself.

That's why it's important to educate staff on security practices and teach them about what can cause breaches. Such education could involve why it's important not to plug in unknown flash drives, or visit web links that appear malicious.

In addition, there are security methodologies available that can be used to implement stronger security architectures. In turn, this means stronger security systems that the business can use to defend against cyberattacks.

A best-practice methodology such as SABSA is one of the best options for security – as it's a leading open security architecture framework. As with most frameworks, it doesn't take long to get up to speed with the course – and the benefits can be long-lasting.

What can cause a data breach?

The term data breach may strike fear into the hearts of business owners and IT personnel, especially those in charge of securing important information.

Trend Micro defines a data breach as: "The exfiltration – the release of data from a system without the knowledge or consent of its owner."

When a data breach occurs, sensitive employee and customer data, payment information, company details and other types of data can be stolen and distributed. It's easy to see just how damaging these events can be – one only has to look at the high-profile breaches that occurred in 2014.

So, it's obviously important to put the right security measures in place and conduct IT security training, but how do these breaches occur in the first place?

Cyberattacks

This is likely what most people will think of when they think of a data breach, as such attacks commonly make headlines. They usually stem from malicious third parties that are seeking to steal information either for personal financial gain, or perhaps on behalf of another group.

The truth is, cyberattacks aren't the biggest cause of data breaches and are also one of the easier 'threat vectors' to protect against.

Unwitting employees

This is what's also known as an internal breach, when the business itself is responsible for the information leak. Most commonly, unwitting staff are responsible. The breach could stem from an employee who doesn't understand a particular system, or perhaps a lost device.

For example, a staff member could leave an unlocked smartphone, tablet or laptop in a public place, which subsequently makes it easy for an attacker to steal information.

Revenge attacks

The final cause is a revenge attack – carried out by a disgruntled employee, or perhaps someone who has recently been let go but not had security access revoked. It's all too easy for a person who has left the company in such a way to feel a need to exact revenge on the business.

While these people may not be after financial information or attacking for personal gain, they can do far more damage simply by attacking for the sake of it.

Data breaches are only likely to become more dangerous over the next few years, as businesses continually invest in technological endeavours. New online platforms and services are all ripe targets for attackers.

Improving organisational workplace wellness

The health of employees should be one of the top priorities for every business leader and manager, as happy and healthy staff members can mean big changes for the workplace.

This article will take a look at what workplace wellness is, and what businesses of all sizes and industries can do to improve it.

Defining wellness programs

Workplace wellness is essentially a policy that the business creates that supports healthy behaviour and activities, with the aim of improving the wellbeing of employees.

These could be free health checks held on a regular basis, or possibly free flu vaccinations during the appropriate season. In addition, wellness programs might involve fitness activities designed to motivate staff to stay healthy.

What are some of the benefits?

Aside from the obvious health benefits for employees, there are a number of other improvements for the company. For example:

Engagement: As staff have access to auxiliary programs that promote healthy living, they're far more likely to remain engaged employees. That is, workers who are more invested in their jobs and the company.

A focus here, for example, could prove useful in preventing an IT security event, as the staff will be more switched on and ready to respond.

Engaged employees could prevent an IT security event.

Positive culture: A workplace culture is something that is intangible, but a good one is definitely noticeable. Having activities and programs that promote healthy living can do wonders for creating such an environment.

There are also financial benefits, as the company can reduce health care costs and even see absenteeism rates drop off, given the healthier state of workers.

Prioritising employees

Staff are one of the most valuable assets for a business, especially workers with experience. As such, it's important to think about the usefulness of wellness programs. The happiness and health of staff is often directly tied to their view of the company, and how engaged they are with their work.

The health and wellbeing of workers should start to become a focus of businesses, but it's also a good idea to ensure that the correct management practices are in place. These can help to ensure that workers are always correctly utilised, as well as engaged.

Get in touch with ALC Training today to find out more about people, IT and other capable frameworks. We've got a significant range available, and courses coming up this year across a number of major cities.

Mobile payment security a necessary consideration

Smartphones and tablets are quickly becoming the devices of choice for both consumers and businesses, for everything from general communications to entertainment and shopping.

While the devices undeniably offer significant benefits over traditional computers (improved mobility and information access from anywhere), there are challenges with security. Specifically, when it comes to mobile payment fraud.

This article will take a look at this growing issue, and why businesses need to take action.

A problem that's on a growth path

Mobile payment solutions are an easy way to pay for goods without needing to carry around cards or cash. The benefits for consumers and businesses are obvious – there's no need to provide cards or replace them when they go missing. Removing a reliance on cash also helps to eliminate discrepancies with business accounting.

A new study from Gartner has found that while these solutions are continuing to grow, fraud is a real concern. Vice President and Distinguished Analyst Avivah Litan explained that fraud in the mobile payment sector presents "looming problems with mobile payments".

Mobile payments are starting to take off.

"For years, we have been briefed by vendors offering a plethora of innovative and strong user authentication solutions for mobile payments and commerce," she said.

"And for years, we have been asking the vendors touting them how they know their mobile app is being provisioned to a legitimate user rather than a fraudster."

Why it needs to be dealt with

The mobile payment fraud problem is only likely to get worse as the trend gathers steam, and businesses will need to start taking action now.

In fact, Cisco announced that mobile data traffic grew by 69 per cent last year – certainly a reflection of the role mobile devices are starting to play day-to-day. These technologies aren't going anywhere, and every business with mobile payment infrastructure will need to start planning.

This means putting security systems in place for the payment systems and carrying out comprehensive IT security training for staff members. Security software is only part of the solution – employees need to understand the risk factors with mobile payments.

Looking ahead, mobile payments will likely proliferate substantially over the course of 2015, especially with initiatives like Apple Pay, Samsung Pay and others being introduced. To avoid the chance of fraud with this burgeoning industry, businesses should take action now.

US data breach a valuable lesson for businesses

Data breaches seem to make the news nearly every week, impacting businesses across the globe. Few companies are safe from these breaches, as both small retail stores and even government networks are at risk.

In many cases, data breaches don't occur as a result of a targeted cyberattack, but more often simply negligence when it comes to security. This is exactly what happened to a Texas-based health clinic.

Here, we'll take a look at what went wrong, and what businesses can do to prevent such breaches from occurring.

What happened?

A health clinic based in the massive US state of Texas was recently the subject of a significant data breach, one that impacted around 8,700 individuals, including 6,300 patients. This is according to Statesman.com, which reported on the breach in February of this year.

An employee at the health clinic that maintained the website accidentally created a backup file that contained the data, which was accidentally made available on the website. Unauthorised individuals then proceeded to download the file.

"We take the situation very seriously," CEO Rhonda Mundhenk explained to Statesman.com. "What we're focused on now is notifying our patients."

Lack of security is dangerous for businesses.

Lack of security can result in stolen payment information.

Names, phone numbers, birthdays, social security numbers and addresses were all exposed on the website for nearly six months – obviously a significant risk for businesses.

SC Magazine reported on the event, explaining that the information was subsequently removed and the website company released. It's a good first step, but it could have been avoided with the right approach.

So how could this breach have been prevented? The answer may not be what most businesses think.

Preventing a breach

This data breach wasn't a result of security system failure, but a breakdown with regards to staff training. Such a breach could still have occurred even if the business was using the most capable and modern security systems.

To prevent this kind of breach from occurring, businesses need to put IT security training practices in place, specifically designed to teach staff best practice.

The number of data breaches that impact businesses isn't likely to slow down any time soon, especially given just how much information is stored on IT networks. This makes them a valuable target for cyberattackers.

Businesses should start considering the best ways to bring staff up to speed with security.

Refurbished smartphones could hold promise for small businesses

Smartphones are expensive pieces of technology, albeit highly necessary for staff in order to stay connected regardless of location.

These are the vital links between employees and a business, allowing access to calling, messaging, email and even more specialised business applications thanks to growth in cloud capabilities.

However, they're also quite expensive, with certain models of smartphone climbing to around $1,000. Obviously, this can present a problem for smaller companies needing to tightly control funds, but also access capable mobile technologies.

Deploying refurbished smartphones

The answer to this problem lies with refurbished smartphones, devices that have already been used and then restored to near-new condition for further use. Given the current level of advancement when it comes to these devices, there's little difference between new and slightly older versions.

For example, while there were substantial performance jumps between versions in past years, now there are usually only minor hardware improvements to camera and screen technology – not exactly necessities for businesses.

In a new report from Gartner, the research organisation noted that the global market for refurbished phones sold to end users will grow to 120 million units by 2017. This is a substantial jump from the 56 million units in 2014.

Gartner explained that users are attracted to high-end devices that would have been unaffordable when new, but thanks to refurbishment see dramatic price cuts.

While consumers are the prime market for refurbished devices, there are also opportunities for small businesses.

As these companies usually have extremely tight control over finances, the ability to cut back when it comes to such a significant expense is important.

However, it should also be noted that businesses need to implement such technologies with an appropriate degree of caution. This means using proven frameworks to ensure the devices meet the security standards of the business. 

Rising data breach numbers paint a troubling picture

IT systems are extremely important for businesses around the world, as they're necessary for everything from human resources management to enabling workers to access files on the go. There's really no area of modern business that technology doesn't impact in some way.

This dependence on IT isn't without risk, however, as a new report on 2014 data breaches has shown. Cyberattackers are going after sensitive information held by companies – something that needs to be addressed.

Breaches on the rise

Cybercriminals managed to compromise over one billion data records last year, totaling over 1,500 breaches, according to the new report from Gemalto. This represents a massive 49 per cent increase in breaches, and a 78 per cent increase in the number of records stolen.

This means information such as customer records, employee data and other important information relevant to the business. Once stolen, there's really no telling what a third party will do with the stolen data.

Gemalto sought to shed light on the massive number of breaches, covering regions across the globe. It's interesting to note the areas that were hit particularly hard.

These statistics point to North America as a region that needs to start paying attention to cybersecurity, but breach rates are high in countries across the globe.

The dangers of identity theft

There's one possible danger that could become a significant problem over the next few years – identity theft.

Tsion Gonen, the Gemalto vice president of strategy for identity and data protection, explained to Computer Weekly that there is currently a "clear shift in the tactics" of cyber criminals – with a trend toward long-term identity theft.

"Identity theft could lead to the opening of new fraudulent credit accounts, creating false identities for criminal enterprises, or a host of other serious crimes," he said.

"As data breaches become more personal, we're starting to see that the universe of risk exposure for the average person is expanding."

Breaches on a smaller scale

Last year will not simply be remembered for the high-profile breaches in larger companies, with Gemalto noting many smaller incidents.

"In addition to several high-profile hack attacks, the year included a number of lesser-known incidents that nevertheless resulted in significant theft of records, according to a comprehensive analysis of security breaches," the report noted.

Such striking figures should serve as a warning for businesses; it's now time to start instituting stronger security practices.

This means security systems on computers, servers and mobile devices, as well as training for staff in best practices.

Employees should understand the threat of data breaches, where they originate and the potential issues that can arise if precautions aren't taken.

On the other hand, security frameworks also need to become a top priority. These are proven methods that a business can use to train staff in security best practices – necessary with the danger of breaches.

Certain frameworks can even be used to develop strong security architectures, which are necessary to protect businesses.

Data breaches are likely to continue expanding this year, and businesses need to ensure that security is no longer a background consideration. Moving security to the top of the priority list will make it easier to handle cyberattacks and lower the chance of a breach occurring.

Given the importance of IT systems, businesses certainly cannot afford to leave security up to chance.

Biometrics market growth means good news for security

Security is something that needs to stay at the top of the priority list for modern businesses, especially with cyber attacks and internal data breaches a constant concern.

Neglecting security for mobile devices and computer systems could leave these technologies exposed, making it easy for sensitive documents or files to leak. In turn, this can lead to financial fallout as the business struggles to undo the damage.

There could be a solution, however, in the form of capable biometric technologies.

These are the technologies found on devices like the iPhone 6 from Apple – small sensors embedded in the device that can read a fingerprint and verify the user's identity before unlocking.

Dealing with security

Security is currently something that's quite difficult to ensure, especially in larger organisations with hundreds of staff. As these workers will often be using mobile devices like smartphones and tablets on a regular basis, there's a high chance of a breach.

Staff could leave these devices in public places, exposed to a potentially malicious third party. The same goes for laptops and other portable computers. Within the workplace, disgruntled staff could access devices without permission, another potential cause of an information leak.

This growing technology could soon solve a number of security issues, thanks to greater device security and easier access for staff.

The benefits of biometrics

The improvements over traditional security measures are clear with biometric technology; there's no need to type in lengthy passcodes for each app and it means the devices are essentially impervious without the right fingerprint.

Biometric uptake is now increasing, with a report from ABI Research predicting significant growth in the sector this year. In fact, the revenues for the biometrics market could reach US$13.8 billion in 2015 alone – with further growth in the years after.

ABI explained that current biometric efforts stem from government entities, but growing consumer acceptance could lead to further consumer and enterprise uptake. By 2017, ABI predicts these two sectors will overtake government usage, thus becoming the largest segment of the market.

"Recent events [2014 data breaches] will no doubt increase governmental spending in 2015 as security measures are intensified in Europe and the United States," the report stated.

Biometrics in the enterprise

The ABI report also went into detail about the enterprise use-cases for wearable technologies, and how efforts have already begun.

"Enterprise demand is cooking up a plethora of wearables and smartphone technologies to implement biometrics into their products and services," ABI explained.

The report then went on to explore the possible growth in regions around the world.

"North America and Asia-Pacific will drive the field in sales in the following years while countries in the Middle East are expected to have mandatory biometric registration in the coming years."

While North America and Asia-Pacific are largely unsurprising, it's certainly a change to see the Middle East pull ahead of Europe.

It won't be long before biometrics are a given on nearly every new mobile device, and certainly those technologies used within enterprise environments.

Companies also need to consider frameworks: processes designed to manage the implementation of new technologies.

With data breaches likely to continue throughout this year, taking action with regards to security is of the utmost importance.

There are a substantial number of frameworks available, including SABSA and ISO, and businesses need to consider them in order to get the most out of security efforts.

To find out more about how these capable frameworks can be put to use within an organisation, get in touch with the team at ALC Training today.