TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

data breaches

How Can A Data Breach Cost Your Company For Years?

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The repercussions of a data breach extend far beyond the immediate aftermath. They often haunt businesses for years.

Only 51% of data breach costs occur within the first year of an incident. The other 49% happen in year two and beyond.

The unseen costs of a data breach

The First American Title Insurance Co. case is a good example.

The 2019 cybersecurity breach at First American serves as a stark illustration. It reminds us of the far-reaching consequences of a data breach. In this case, the New York Department of Financial Services (NYDFS) imposed a $1 million fine.

Cybersecurity sites announced the fine in the fall of 2023. The company’s fine was for failing to safeguard sensitive consumer information. This is one example of how costs can come long after an initial breach.

[Read more…] about How Can A Data Breach Cost Your Company For Years?

Top Data Breaches Of 2023: Numbers Hit An All-time High

The battle against cyber threats is an ongoing challenge. Unfortunately, 2023 has proven to be a watershed year for data breaches. Data compromises surged to an all-time high in the U.S.

The last data breach record was set in 2021. That year, 1,862 organizations reported data compromises. Through September of 2023, that number was already over 2,100.

In Q3 of 2023, the top data breaches were:

• HCA Healthcare
• Maximus
• The Freecycle Network
• IBM Consulting
• CareSource
• Duolingo
• Tampa General Hospital
• PH Tech

Let’s look at the main drivers of this increase.

The size of the surge

Data breaches in 2023 have reached unprecedented levels. The scale and frequency of these incidents emphasize the evolving sophistication of cyber threats as well as the challenges organizations face in safeguarding their digital assets.

Healthcare sector under siege

Healthcare organizations are the custodians of highly sensitive patient information. As a result, they’ve become prime targets for cybercriminals and hackers looking to exploit personal information.

Ransomware reigns supreme

Ransomware attacks continue to dominate the cybersecurity landscape. The sophistication of this threat has increased.

Supply chain vulnerabilities exposed

Modern business ecosystems have an interconnected nature. This has made supply chains a focal point for cyberattacks. The compromise of a single entity within the supply chain can have cascading effects.

Emergence of insider threats

The rise of insider threats is adding a layer of complexity to cybersecurity. Organizations must distinguish between legitimate user activities and potential insider threats.

IoT devices as entry points

The proliferation of Internet of Things (IoT) devices has expanded the attack surface. There’s been an uptick in data breaches originating from compromised IoT devices.

Critical infrastructure in the crosshairs

Critical infrastructure has emerged as a prime target for malicious actors seeking to wreak havoc and sow chaos. From power grids and transportation systems to financial institutions and healthcare facilities, the vital systems that underpin modern society have found themselves squarely in the crosshairs of cyber attackers.

The role of nation-state actors

Nation-state actors are entities sponsored or supported by governments to engage in cyber activities, including espionage, sabotage, and other malicious actions, often for political, economic, or strategic purposes.

These actors operate with the resources, capabilities, and backing of a nation-state, allowing them to conduct highly sophisticated and coordinated cyber campaigns.

Nation-state actors are increasingly playing a role in sophisticated cyber campaigns. They use advanced techniques to compromise sensitive data and disrupt operations.

The need for a paradigm shift in cybersecurity

The surge in data breaches underscores the need to rethink cybersecurity strategies.

Collaboration and information sharing

Collaboration among organizations and information sharing within the cybersecurity community are critical. Threat intelligence sharing enables a collective defense against common adversaries.

Cyber-Compliance Is Serious Business

If you’ve never experienced a cyberattack, you might not think it’s such a big deal.

Especially if you work in management, you’re so busy focusing on the so-called squeaky wheels of every day; does it really matter if you keep up with the intricacies of modern cybersecurity compliance protocol? YES!

Increased digitization across the globe plus ever-advancing cyber threats equals a constantly evolving market, and legislation that scrambles to keep up.

Why Reporting Matters in a Data Breach

Have you ever experienced a cyberattack, either aimed at you or leveled at your organization? If so, then you might already know how important it is to report the breach – and we don’t just mean to your direct managers or the police!

When a data breach happens, you are often beholden to laws detailing what, how fast and to whom you must disclose. For example, financial institutions have to notify the Federal Trade Commission within thirty days.

You typically have to disclose the breach to anyone affected too, depending on what information was stolen. Where do you work? Do you know the laws set upon your industry and role?

So not only does cyber-compliance affect your ability to protect yourself and your customers from a data breach, but that hack will affect customers’ trust in your ability to keep their personal and financial information safe.

There are also legal concerns to think about. Lawsuits can cost millions between legal fees, penalties, profit losses and disruptions to the daily workflow.

Consider that the average company spends $10K per employee on cyber-compliance, and you see why maintaining compliance saves millions – about half of what you’d spend if you let vulnerabilities lay rampantly unpatched.

Maintaining compliance isn’t just smart; it’s necessary. To foster good relationships with your customers and shareholders, and avoid fines and breaches, companies must maintain a compliant cybersecurity structure.

These regulations change over time but do so to keep up with the latest tricks up cybercriminals’ sleeves.

Our IT services include compliance as part of our all-in-one package to reduce excess labor on your end. We’ll stay up to date on changing regulations so you stay cyber-compliant!

Reporting is one of many important regulations that make you more cyber-secure. Think about it: If your bank accounts, or health records, or mailing information got leaked, wouldn’t you want to know?

It’s not just about preferences, though. Data privacy is a right in many countries across the globe. More and more, people and legislation are all pushing for better data privacy protections.

How can we keep our accounts and data private if we don’t know when a breach has occurred? If you don’t know YOUR reporting requirements, now is the time to find out! Give us a call.

Data Breaches Cost Healthcare $6.5M Or $429 Per Patient Record

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Data breach costs are on the rise, with breach-related spending in the healthcare sector reaching $6.5 million on average, an IBM-sponsored report shows.

Data breaches cost the healthcare sector an average of $6.5 million per breach, over 60 percent more than all other business sectors, according to a Ponemon Institute report, sponsored by IBM. Other sectors spend about $3.9 million, on average.

Researchers interviewed 500 global organizations that experienced a data breach in the last year. The researchers found for the ninth consecutive year the healthcare sector is still the hardest hit financially by data breaches.

The costs are directly related to legal, technical, and regulatory functions, including patient notifications, breach detection and response, and lost business caused by reputational damage, loss of consumer trust, and downtime. [Read more…] about Data Breaches Cost Healthcare $6.5M Or $429 Per Patient Record

Major Password Breach Uncovered

Some people collect antique trinkets while others collect more abstract things like adventures. There’s someone out there, however, collecting passwords to email accounts, and yours just might be part of that collection. To date, it has been estimated that over 273 million email account passwords have been stolen by a person or entity now called “The Collector.” This criminal feat is one of the largest security breaches ever, and the passwords have been amassed from popular email services, including Gmail, Yahoo!, and AOL.

It is unclear exactly why “The Collector” has procured so many email passwords, aside from the fact that the individual is trying to sell them on the dark web. The puzzling part of this, however, is that the asking price is just $1. So, the hacker may only be seeking fame for achieving such a large-scale feat.

The email account credentials may have more value in being used in an email phishing scam, but it’s impossible to know the cybercriminal’s intentions as this point. While potentially having your email hacked doesn’t sound like that big of a threat, there are multiple ways in which this information could be used for harm.

The most notable risk is that the login information may be used to access other accounts; many people use the same username and password for their emails accounts as other ones, such as for online banking. So, there is far more value in this large collection than just the asking price of $1. To protect yourself, security experts advise you change your password immediately.

Data Breaches And The Building Blocks Of Cyber Security

Michael Menor is Vice President of Support Services for Tech Experts.

The data breaches at Target, Home Depot, Staples, Michaels, Anthem, and Sony Pictures Entertainment are just the tip of the iceberg and the stakes are very high. They’re costly for both businesses and customers and once the breach is announced, customers often terminate their relationship with that business.

You may ask, “What constitutes a data breach?” It is an event in which an individual’s information, including name, Social Security number, medical record and/or financial record or debit card is potentially put at risk. This can be in either electronic or paper format. The data set forth in this article is based on Ponemon Institute’s “2014 Cost of Data Breach Study.” Ponemon conducts independent research on privacy, data protection and information security policy.

New methodologies developed by the National Institute of Standards and Technology (NIST) and other industry standards bodies, such as the Department of Health and Human Services (HHS), are being implemented by many organizations, but best practices for addressing cyber security threats remain vague.

So what can be done to minimize cyber security threats? An effective starting point is to focus on the following essential building blocks of any cyber threat defense strategy.

Most organizations rely on tools like vulnerability management and fraud and data loss prevention to gather security data. This creates an endless and complex high-volume stream of data feeds that must be analyzed and prioritized. Unfortunately, relying on manual processes to comb through these logs is one of the main reasons that critical issues are not being addressed in a timely fashion.

Implementing continuous monitoring, as recommended by NIST Special Publication 800-137, only adds to the security problem as a higher frequency of scans and reporting exponentially increases the data volume. Data risk management software can assist organizations in combining the different data sources, leading to reduced costs by merging solutions, streamlining processes, and creating situational awareness to expose exploits and threats in a timely manner.

One of the most efficient ways to identify impending threats to an organization is to create a visual representation of its IT architecture and associated risks.

This approach provides security operations teams with interactive views of the relationships between systems and their components, systems and other systems, and components and other components. It enables security practitioners to rapidly distinguish the criticality of risks to the affected systems and components. This allows organizations to focus mitigation actions on the most sensitive, at-risk business components.

Effective prioritization of vulnerabilities and incidents is essential to staying ahead of attackers. Information security decision-making should be based on prioritized information derived from the security monitoring logs. To achieve this, security data needs to be correlated with its risk to the organization. Without a risk-based approach to security, organizations can waste valuable IT resources mitigating vulnerabilities that, in reality, pose little or no threat to the business.

Lastly, closed-loop, risk-based remediation uses a continuous review of assets, people, processes, potential risks, and possible threats. Organizations can dramatically increase operational efficiency. This enables security efforts to be measured and made tangible (e.g., time to resolution, investment into security operations personnel, purchases of additional security tools).

By focusing on these four cyber security building blocks, organizations can not only fulfill their requirements for measurable risk reporting that spans all business operations, but also serve their business units’ need to neutralize the impact of cyber-attacks.

These methodologies can also help improve time-to-remediation and increase visibility of risks.