Remember, this only counts reported breaches. Marriott, for example, didn’t detect its breach for FOUR YEARS. And tens of thousands of breaches likely go both undetected and unreported.
The midyear data breach review by Risk Based Security said there were 3,816 breaches REPORTED in the first half of 2019, up 54% from the first half of 2018.
Those breaches exposed 4.1 billion records, up 52% over the same time last year. 3.2 billion of those records were related to 8 big breaches but that still doesn’t account for the uptick in the number of breaches reported.
This means a couple of things:
The hackers are still winning this war and with billions of passwords compromised, that is unlikely to get better any time soon.
It also means that as consumers, we need to be aware of these breaches and the impact that they might have on us. That includes watching for breach announcements, changing passwords and using two factor authentication. It also means being alert to scams and attempts to compromise your devices and your accounts. Remember that if hackers empty your bank account or retirement account, you are unlikely to be pleased.
Finally, it means that businesses need to up their game. Businesses are almost always the target of attackers. Businesses of all sizes from Equifax to a mom and pop retailer are all potential attack targets. This is because that almost all attacks are not targeted. The Sony attack was targeted. Attacks on the Defense Department are targeted. Beyond that, not much is targeted.
The challenge for small businesses (meaning a couple hundred employees or less) is that they don’t have either the technical resources to DETECT the attacks or the financial resources to deal with the attack. Some do go out of business.
Regarding technical resources, that likely means paying outside experts. While no one likes spending money, it is almost always less expensive to spend that money to avoid an attack rather than spending it to fight an attack. And there is way less brand damage in preventing an attack.
If you were not successful in preventing an attack then insurance does HELP pay to mitigate the consequences – assuming you have the right kind of insurance and we often see that businesses do not have the correct insurance.
Bottom line here is that it is only going to get worse – kind of like traffic – so hoping that the problem will go away is likely not an effective solution.
Source: SC Magazine.