In .66 seconds, the term ‘data breach’ returns more than 144 million results on Google. As professionals in the industry, we hear about it every day, but I want to dig into what this really means for the world at large, together.
A data breach as is ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.’
There are two words we’re focusing on here, and they are destruction and loss. From there, we’ll get to the happy part… I promise!
Traced back to a Chinese intelligence group seeking to learn more about U.S. citizens, Marriott’s infamous breach was not uncovered until 2018, four long years after their network was first compromised. During that time, including through their acquisition of Starwood hotel brands, one of the was being committed.
The credentials, passport numbers, credit card numbers, and personal information were stolen and exploited from approximately . The destruction this breach caused has rippled into U.S. and foreign politics via the and is ultimately resulting in potentially one of the biggest trade deals ever made.
Meanwhile, Michael Kovrig–who is a Senior Advisor of the International Crisis Group, former Canadian diplomat, and a loving husband and son–has been on politically motivated charges tied to the unraveling of this very messy and complex data breach. He’s been allowed one phone call to speak with his father, whose health is in severe decline.
Circling back to this word destruction – where, and how do we begin to count the losses and tally damages? Is it in dollars and cents, the psychological impact and loss of trust, rebranding efforts, or the actual lives and families deeply impacted by this event?
It seems nearly impossible to quantify the cascading effect this breach will continue to have, but one single fact remains the same: it could’ve been prevented.
We know this because, in early 2020, the entry point was a result of two of their employees’ login credentials being compromised, allowing the malicious actors to ultimately gain access to back-end systems. This was the second security breach Marriott had disclosed in the past 18 months prior to this event.
Aside from the financial loss, loss in business, and the loss of trust and a solid reputation when a data breach occurs, there is a much bigger and all-encompassing loss that involves everybody, even those unaffected by certain breaches like the one we just talked about.
The that by the end of this year, a quarter of the world’s population will have been affected by a data breach. I did the math (so you don’t have to): that is almost two billion people who may lose money, financial autonomy and security, and general peace of mind. Not to mention, 60% of SMBs close within six months of a data breach, with the average cost of a breach in the U.S. climbing to nearly $8 million as reported by the .
Entire businesses are being lost and brands tarnished due to cyber attacks, but what are these companies doing wrong?
In the first half of that same year, social media breaches alone accounted for about 56% of the more than four billion data records compromised. It’s now 2020, and more often than not, you sign up for an app that’s meant to connect you with friends or improve your life in some way, and it somehow results in the non-consensual loss of your privacy and personal information.
Aside from facilitating the loss of your personal information, they’re not working with law enforcement when they discover the crime. While it’s become instinctual to dial 911 if someone physically breaks into your home or car, behavior trends in the opposite direction when it comes to cyber crime, which is unfortunate because when businesses act quickly, the Bureau’s Recovery Asset Team (RAT) reports .
So, in many cases people don’t report breaches unless they are forced to. What I mean by that is compliance regulations, contracts, and other policies force reporting, but it’s not enough. So much slips through the cracks unnoticed to anyone but the victim. Because of this, law enforcement agencies across the planet are generally unsure of how many cyber crimes are being committed, which leaves everyone at stake on an individual level.
IC3, or Internet Crime Complaint Center, is another branch of the FBI that accepts internet crime complaints online from either the actual victim or from a third party to the complainant, giving everyone the opportunity to come forward and get help if they believe they’ve been victimized. While , the Bureau estimates only 15% of victims actually report crimes.
Here, alongside all the money, data, and trust, we also suffer a massive loss of opportunity for cybersecurity companies and law enforcement agencies of all kinds to make a difference and create a safer internet landscape for everyone.
On both the individual and corporate level, why is this the case?
In my opinion, it stems from a lack of awareness. A lack of awareness around personal and professional security best practices, and general ignorance towards the very real threats that exist online. If you’re in cyber, then you know. And, if you’re not, chances are, you’re blissfully ignorant until your credit card has been maxed out by someone across the globe burning through penthouse suites or pairs of shoes.
杏吧传媒’s Managed Security Awareness Training episodes are engaging and eye-opening animated mini-masterpieces that bring to light powerful concepts while busting myths like, “nobody would want to hack me” and “my company is too small.” Most importantly, they brilliantly teach core concepts, like how to spot a phishing email, how to create a strong password, and why you should use multi-factor authentication in a digestible and memorable way. Employees deserve this quality of training as a basic right.
To put it all together – defending against these cyber threats is not optional, it’s a requirement of everyone. And there’s a lot of potential destruction and loss at stake without this kind of information readily available.
I believe that 杏吧传媒 has the unique opportunity to become best known for our integrity and commitment to being helpful for security awareness training. As one of our customers said: “It’s nice to see good people doing good work in the cyber space.” Instead of hacking people live on stage at DEFCON, we can just be helpful. We can educate everyone by working together.
As colleagues, we’ve officially navigated through a monumental global crisis. I believe that we as a unit can make a positive difference for people across the globe.
The cyber security community at large, working together, can create a positive ripple effect that, similar to data breaches, would be too vast and impactful to measure.
To learn more about 杏吧传媒 Managed Security Awareness Training, try it for free and see how you can better defend yourself and your organization from a data breach.