If your company uses, collects, stores or relies on first-party data (and what successful company these days doesn’t?), you face all kinds of security-related risks.

f you cringe every time you see a headline about a massive data breach, fasten your seatbelt. It’s going to get much worse before it gets better. For most companies, it’s a question of when not if they’re going to have a data breach. The bigger question is how big the blast radius is going to be and what can you do preemptively to avert or contain it.

The facts are sobering: The average annual cost of a data-security breach for a company that misuses or loses data is $4.24 million, according to a recent IBM security survey, nearly 10% higher than it was before the pandemic. And that’s just the initial price tag. The real cost of a data breach cuts much deeper and can be existential: 60% of small- and medium-size businesses go bust within six months of a massive data breach.

Sadly, despite these statistics, most companies still don’t view data security as a top priority. If your company uses, collects, stores or relies on first-party data (and what successful company these days doesn’t?), you face all kinds of security-related risks that can make that $4.24 million seem like a bargain.

1. Someone misuses the data you collect

Here’s a shocker: One in four data breaches is caused by employees rather than outside attackers. That’s important because your company is not just on the hook for securing data you collect; you also need to secure how it’s used. Thanks to the EU’s GDPR and California’s CCPA privacy laws, if someone in your company (or one of your partners) misuses your data, you face steep fines. And if you are fined 4% of the topline for simple data misuse, it could bankrupt your whole company.

2. Your data breach gets media attention

A data snafu at scale is a PR disaster. It erodes consumer trust in your brand and customers’ trust in your relationship. A recent PwC report found that 69% of consumers believe that the companies they use are vulnerable to being hacked, and 87% of consumers are even willing to walk away if a data breach occurs. And that doesn’t even factor in the pricey marketing costs of rebuilding a damaged reputation.

3. Data mishandling exposes you to regulatory action

That’s right, misusing data can open you up to a whole new universe of penalties, fines, sanctions and legal costs, which can be enormous and go on for years. You could easily spend a billion dollars addressing your case — just ask Facebook about that one.

4. A data breach costs you deals

This one hits you directly in the wallet. Once you have a security situation, current business customers can shut off deals. At the very least, you’ll spend countless hours documenting your processes and reassuring partners their data and reputation are safe. And if a data-security issue leads to a court action or some regulatory action, all your business customers now have reasonable cause to back out too. Which leads to this next one …

5. Or it can cost you your entire business model

If the world decides that it just can’t afford to do things the way you’re doing them, you’ll have to change your whole model (we’re looking at you, Ashley Madison). The pivot can be an expensive and existential threat.

6. Lax security locks you out of the deal flow

Once you’re caught in a security disaster, you can be labeled as a business risk in an ecosystem. And that basically cuts you out of a marketplace.

7. Security snafus are a massive time suck

All the time and suffering a security problem demands, especially the attention of key people in the organization, can be a massive operational setback. Plus, who wants to work for a company with a bad rap? Suddenly you can’t attract or retain the most mobile and valuable talent.

8. Data breaches devalue your business

If you can’t secure your data, you won’t be able to do all the good things that can be done today with the secure application of data. And that’s the risk of not doing the right thing for the business — and not realizing your company’s full potential and upside. And that might be the biggest risk of all.

Managing all this risk isn’t easy, and there are lots of stakeholders to wrangle. But nobody’s got their eye on all the data — and all the ways data breaches could bite your company.

But there is one way to mitigate all these risks: Deploy technology that prevents risk from even being created, rather than just tools to clean up better after a breach or violation.

You want technology that does three things well:

• Enables the creation and enforcement of a digital version of the sharing agreement or contract.
• Allows the data to be processed inside a shared enclave.
• Documents every transaction and communicates to the relevant parties, so only agreed-upon recipients receive the insights from processing.

You’ll save money on legal fees and improve productivity since only the most necessary approvals will be required by expensive attorneys. And since you can now trust your data-sharing partnerships, your insights will soar along with accompanying revenues from such projects. You owe it to yourself to have a fully automated security solution that’s got your back.

Your company’s survival depends on it. source

The ‘Mother of All Breaches’ Just Happened — Here’s the Security Implications for Businesses

At the beginning of the year, Security Discovery and Cybernews researchers uncovered a dataset of 26 billion(!) leaked entries associated with LinkedIn, Twitter.com, Tencent, Dropbox, Adobe, Canva, Telegram and other platforms. Government agencies in the U.S., Brazil, Germany, the Philippines, and Turkey are also among the organizations hit by the “mother of all breaches” (MOAB).

As the investigation team reported, a significant share of information in the dataset was compromised during past data breaches. However, the stash also contains new data.

Aftermath for businesses

Simply put, this 12-terabyte behemoth will send shockwaves through the business community, posing a continual threat to personal information and corporate security.

But this is not just a breach; it’s a comprehensive toolkit for threat actors to orchestrate an endless number of cyberattacks, including identity theft. Criminals can maliciously exploit the stolen personal data from the MOAB dataset. It is a powerful weapon capable of wreaking havoc on a global scale.

So, in the coming weeks, it’s time to move to a proactive stance. Here are some signals businesses should listen to when monitoring their infrastructure:

1. Uncommon access scenarios. In light of a data breach like this, keeping a close eye on access logs for any unusual activity is critical. A sudden surge in requests or unfamiliar IP addresses could indicate unauthorized entry. Logins during non-standard hours, especially outside of ordinary business hours, may be considered malicious activity as well.
2. Suspicious account activity. In an attempt to take over the compromised account, scammers may reveal themselves through unexpected adjustments in user privileges or alterations to account roles. Frequent changes in login locations, irregular login times, and spikes in data access are also red flags.
3. Surge in phishing attempts. Massive breaches often provide fertile ground for cybercriminals to launch phishing attacks targeting employees or customers related to affected brands. Unscheduled phishing training or educational campaigns may help your staff and clients recognize phishing scams at early stages.
4. Abnormal network traffic. Another alert of malicious activity is unexplained spikes in outbound traffic and unusual communication patterns between internal systems.
5. Boost in helpdesk requests. A growing volume of user requests to the support team can also indicate a problem, especially when there is a sudden surge in inquiries related to compromised accounts or suspicious activities.
6. Customer feedback. An influx of complaints about unauthorized access, account compromises, or suspicious transactions should trigger an immediate investigation.

A new security paradigm

Unfortunately, the MOAB is just a single event in the never-ending war between cybercriminals and corporations. In an age of the constant growth of security threats, companies must develop a refined sense of foresight. Recognizing patterns and anomalies within their data is not just a skill; it’s a necessity. The MOAB underscores the importance of proactive monitoring, urging companies to invest in robust systems that swiftly detect irregularities.

Importantly, entering this new reality means that user security is again becoming more crucial than user experience. Some companies have a hard time accepting that fact. However, in the long run, it’s worth the gamble.

It doesn’t imply building a kind of imposing wall with menacing guards around your infrastructure that makes users avoid your service. The security measures you deploy can be easy to use for customers. The latest identity verification options — such as self-check-in at airports — prove the concept while staying user-friendly and secure.

Guide to the transformation

Effective information security management powered by global standards such as ISO/IEC 27001 and ISO/IEC 27002 is at the core of the process. By adhering to the standards, an organization guarantees that it has established an Information Security Management System for addressing security risks associated with data owned or managed by the company. Despite certification often being associated with enterprise-level organizations, middle-sized companies, especially those from industries where data safety matters, such as FinTech, should not skip this step. Moreover, unlike ISO 27001, you don’t need certification to prove compliance with ISO 27002, which, being more informative than regulatory, details the controls required.

Enhancing authentication policies may be the next step to take. Unfortunately, you can’t rely on your customers to be prudent while setting logins and passwords. Nevertheless, nudging them to select more advanced options is under your control.

More companies across different sectors now implement multi-factor authentication involving users’ biometrics like fingerprint scans or face recognition. With the idea of a passwordless future pushed by tech giants like Google, this approach is gradually becoming an industry best practice. On the one hand, setting a “Privacy Screen” to secure Google Drive on iOS mobile devices through Touch ID or Face ID requires additional action on the user’s end. On the other, once the feature is enabled, user satisfaction soars as well.

Finally, the adoption of liveness detection technology — both for IDs and selfies — in identity verification procedures is crucial. It helps determine whether the source of a biometric sample is a live individual, and provides evidence that a user-submitted document photo is a genuine passport or other document. Additionally, this step can be made mandatory, not only during registration for a service but also at the purchase stage. Neural networks under the hood of the liveness detection process are constantly improving, showing high accuracy rates. That also contributes to data processing speed, making it possible to perform a liveness check in seconds.

Final thoughts

The MOAB incident serves as a call to action for businesses worldwide. Unfortunately, the brand names on the MOAB list prove that there is room for improvement for all the companies, including enterprise-level. It’s more critical than ever to bolster defenses, sharpen our cyber instincts, and fortify our systems against the impending storm.

Still, there is no need to turn the sign-in or payment processes into a math quiz with a bunch of problems to be solved on the customer’s part. UX still matters, especially for companies from B2C sectors whose success is measured by the number of active users. For this reason, a mobile banking app is always more secure than an e-book subscription service. source

8 Ways a Data Breach Could Take Out Your Company Tomorrow