Data breaches destroy businesses. How to protect your organization.
How to avoid data breach fines, penalties, stock price drops, and reputational damages that can shutter business to total destruction.
A data breach comes as a result of a cyberattack or insider actions that allows criminals to gain unauthorized access to a computer system or network to compromise or steal the private, proprietary, sensitive, or confidential personal, corporate, and financial data of the users, customers or the business enterprises.
Data breaches are no longer novel and unexpected due to the intensity and volume of attacks, which are growing from year to year. According to a recent data security reports by Cisco, 31% of organizations have at some point encountered cyber-attacks on their operations technology.
Why should businesses be aware of data breach and hacking?
Enterprises suffer tremendous damage and in some cases the complete destruction of the business because of a number of factors, which are outlined below.
1. Fines & Penalties.
Fines and penalties for data breaches are often substantial and extremely damaging. For example, violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater. In the USA there are numerous federal and state regulators that apply fines and penalties for a data breach, which can be substantial in size and with similar business impact compared to the GDPR.
2. Equity and M&A deals.
Compromised companies very often suffer a loss in value after the data breach. One illuminating case of a well-known company that experienced an eye-watering financial loss related to a data breach, is a Yahoo.
Verizon bought Yahoo $300 million cheaper because of the damage caused by a massive and untimely data breach of nearly 500 million records of users, including personal data like name, surname, dob, IP addresses, email addresses, logins, passwords, telephone numbers, birth dates, potentially calendars, contacts, and other sensitive information.
Clearly, data breach prevention is a top priority when planning M&A deals but there is more.
3. Negative impact on share prices.
Share prices are very sensitive to data breach because of potential regulatory penalties, consumer and client compensation claims, the cost of cyber forensics, system overhauls, and legal expense can be substantial and will most certainly contribute to a reduced share price, short-term and long-term. The impact can be, and often is, brutal and painful. The recent CapitalOne Bank data breach comes to mind.
According to the Wall Street Journal, Capital One Shares Fall Nearly 6% After Breach.
Among the personal data exposed were names, addresses, dates of birth, credit scores, transaction data, social security numbers, and linked bank account numbers. About 140,000 Social Security numbers and 80,000 linked bank account numbers were exposed.
In addition to the drop in share price, according to Fortune magazine, Capital One’s data breach cost the company up to $500 million in fines.
A drop in stock value as a result of a data breach may indicate a long-term issue with investor trust as a result of cybersecurity incidents, especially if they reveal a lack of adequate care or security practices. Such perceptions cannot be addressed overnight and require a huge amount of resources to overcome them.
4. Reputational damage.
The above-mentioned impact on investor confidence before is just the tip of the iceberg when it comes to reputational damage, negative impact on the brand and customer confidence and willingness to trust the enterprise with their personal or sensitive business data going forward. Researches show that reputational damage triggers financial losses to the organization and sometimes results in the company’s total liquidation.
Who is behind the Data breach
According to the Verizon Data Breach report, 28% of all data breaches involved internal actors. While malicious outsiders (72%) were the leading source of data breaches, these made up only 23% of all compromised data. On the other hand, insiders accounted for 76% of all compromised records. The insider threat is indeed substantial.
Insider threat
Insiders pose a significant threat to an organization’s cybersecurity. They have a number of advantages over outside attackers, as they have legitimate access to the organization’s network and know its cybersecurity system from the inside.
A recent and informative example of the data breach by an insider is the Wells Fargo case. Wells Fargo insider fraud by employees that created almost two million client accounts to enhance the books, their compensation and in some cases unauthorized employee personal credit accounts. Wells Fargo’s clients took notice when they received charges for fees they did not anticipate, together with credit or debit cards that they did not authorize. This insider fraud was engineered by particular managers of the bank in collaboration with other bank employees and led to the CFPB fining the bank an estimated $100m and nearly $3bn financial impact to CapitalOne when the losses and fines were finally totaled.
Outsider threat
Outsider threats are those that come from outside of the organization. They can be from hacktivists, other nation-states, white / red / green / black hat hackers, or even your competitors. Nation-states seek an economic or military advantage, while “white hat” hackers want to expose your company’s vulnerabilities so you can set about fixing them. Other threats include hackers competing to expose vulnerabilities for a prize or reward and cybercriminals trying to access sensitive information for financial gain.
Data breaches are growing
The statistic shows the growing number of data breach incidents and the number of compromised records by year. Besides, the average cost of the data breach grows.
According to a study conducted by the Ponemon Institute and sponsored by IBM, the global average for breached records in 2018 was 24,615 per country, while 31,465 records were breached in the United States during the 12 months of the study review. The study also found that the average size of a data breach rose by 2.2 percent in 2018.
Over the past two years, the number of data incidents reported to the Information Commissioner’s Office (ICO), the UK’s data security authority, increased by 75 percent. In the United States in 2017, the number of significant breaches totaled more than 1,300 compared to less than 200 in 2005.
Clearly, data breaches are increasing. But how to protect the business?
How to protect your business
To avoid data breach fines, penalties, stock price drops, and reputational damages that can drive business to liquidation, the business should implement the best security practices, protecting themself from both insider and outsider threats on both technical and non-technical sides.
Non-technical measures of the data breach prevention in the organization should include: set up corporate data security and management standards, follow GDPR / DPP and other national or state data protection and privacy regulations, educate employees on data breach threats and potential consequences of data leakage for the company and participants of the crime, enforce a strong Bring-Your-Own-Device policy, hire a data security and compliance officer, design a breach response plan, notify your team about the social engineering, phishing, viruses, and malware threats, etc.
Technical measures should include corporate antiviruses, firewalls, behavior analytics & reporting, data encryption, decentralized data storage, 2-factor authentication for accessing the data. Since one of the main sources of problems related to a data breach is that the sensitive information is stored unencrypted in easy access within centralized databases, where it can be easily stolen or compromised by insiders or hackers, the blockchain technology is becoming indispensable.
Multi-decentralization.
Let’s compare the traditional way of data transferring and storage and the Optherium's Multi-decentralized private blockchains network approach. The first difference is how data is transferred. In traditional systems, there is a single channel between client and server which is vulnerable to Man-in-the-Middle type of attacks. In our approach data is never transferred in raw form between the client and server or server and processor. Data is split into informationless portions on the client-side. Each data portion is then transferred by an individual channel.
On the server-side in traditional systems, data is stored in one centralized database. Developers and system administrators cut off unnecessary permissions to this data. However, it’s very hard to handle all penetration cases and vectors of attack. Moreover, the whole monolith of data is vulnerable to breach, as in the case of the Marriott data breach of 500 mln individuals. In our DataVault technology, there is no single point of breach. By default, only the owner of the data or his designee has access to it. Each file is an individual asset with individual privacy permissions, so it’s not possible to steal the whole database at once. Any pieces of compromised data are undecryptable without the rest pieces and permissions and look meanless to a hacker and have zero value.
Datavault Storage SaaS by Optherium Labs
Datavault Storage is a private blockchain-based data management system, that allows businesses to securely encrypt, store and manage sensitive data and access to it in the corporate unhackable multidecentralized private distributed ledgers.
Datavault Storage SaaS acts as a stand-alone program and as an add-on to an existing data storage of organization and allows users to seamlessly launch a multidecentralized private blockchains network and integrate data protection system in any business model.
Datavault was designed for enterprises, banks, and governments to avoid data breaches, hacking, and comply with the data protection regulations.
How does it work?
Datavault is a native desktop and mobile applications for Windows, iOS, Android and Linux OS, which adds an unhackable secure virtual cloud Datavault drive to the existing file system on the computer and phone. To use the system, two applications have to be installed: desktop and mobile. The desktop application is the gateway to the Datavault drive and the mobile app is verifying the access with users’ biometry to grant permissions to the desktop app and the data.
After installing the apps, the user can upload or drag and drop files and databases to drive. Datavault will automatically shred, encrypt and distribute protected data pieces across the numerous unhackable distributed ledgers. Datavault has pointers to the data in the Optherium blockchain, and each pointer is indicating the way to reassemble the data from pieces into one file from multiple clouds and multiple geographical locations
Biometry and Multi-signature logic
To access the Datavault, users have to verify on the mobile phone his/her biometry as it is one of the multiple keys to a Datavault. To access corporate sensitive data from the Datavault, the user needs to get permission from other colleagues, that have the right to give permission and are holders of the rest of the keys. These people received a notification on their phones and also must verify their biometry to sign off on granting access to a user. Three keys out of five needed to unlock access to the required data.
Shifting liability to a user
In comparison to Google Drive and OneDrive that are storing the data and managing the security of the user, Datavault managing security on a client-side, shifting the liability of accessing the data to a user and protecting data on multiple levels: client, server, blockchain, encryption, biometry and etc. Datavault operates in a passwordless environment, where biometry and 2-factor-authentication plays a role of keys to access the data. No longer can anyone access the data without permission from the network members and private key holders. And, again, any pieces of compromised data are undecryptable without the rest pieces and permissions and look meanless to a hacker and have zero value.
Protect your business from employees and outsider threat
Most data breaches and risks involve malicious employees, espionage, use of stolen credentials, brute force, abuse of functionality and others may be totally eliminated by adopting non-technical and technical measures.
The Enterprise edition of Datavault storage will enhance corporate security and compliance and will allow your company to securely manage sensitive data and access to it in an unhackable passwordless environment.
---
#datasecurity #security #fintech #blockchain #regtech #digitalbanking #biometrics #banking #bankingservices #finance #platform #ecosystem #iban #prepaidcard #business #multidecentralization #optherium #optheriumlabs #whitelabel #neobank #challengerbanks #centralbank #government #fortune500
Sources: IBM Cost of a Data Breach Study 2019 - shorturl.at/jtQ26, Ponemon Data Breach Impact Study 2017 - shorturl.at/krJU4, Verizon Data Breach Investigations Report 2019 - shorturl.at/nFMVW, The Wall Street Journal - shorturl.at/fhrBD, Forbes - shorturl.at/pwFR1, Statista - shorturl.at/hsAKV
---
Optherium website - https://optherium.com/
Serge Beck - https://www.dhirubhai.net/in/serge-beck/