Security and data breaches happen every day, and these breaches do not favor any organization or industry over another. The organization ought to consider the “how” of a data or security instead of “who” to assess their exposure to a similar event. Let us face the fact, we depend on headline news of major news channels and print media to gauge the current state of the cyber security. After all, it is the source that keeps us updated. But, the fact is that only sensational, eyebrow-raising stories of data breaches occupy the headlines space and most of the breaches that happen every day never get a place in any news channels and print media.
The bitter truth is the majority of the real-life incidents aka data breaches occur quietly, in the deep, dark bowels of the organization, and are often contrasting than what we are led to believe by the major news channels and popular online media. According to the Gemalto reports, over 3.04 million records are compromised every day and the quite disturbing point is it is just a tip of the iceberg. Now it is a high time to separate facts from myths and here are the top five data breaches myths you ought to stop believing now.
Most of us believe that retail businesses hold a large set of customer data and are susceptible to data hack when compared to other businesses or sectors. As said, it is just a myth, when compared to retail businesses, a greater number of healthcare facilities fall under attack. While the demand for personal information is diminishing, demand for personal health records is rising. The hospital networks and health care insurers are cornered by the hackers, specifically in the arena of ransomware.
It is a common misconception held by people that malware acts as a key source for data breaches, ransomware and other threats. Although it is a source of data breach, the primary driver that host the data breach are phishing mails. The sophistication level of the phishing mail scam is increasing day by day and these attacks are carefully engineered by targeting a specific set of people, say employees working in a targeted organization. The only way to not fall for such scams is to become cyber aware and watch out for these type of scams that trick you into revealing your login credentials.
When we know it is just a myth, most of us feel disheartened and start worrying. The Firewall and Antivirus software are designed to block the known threats and to cover the known vulnerabilities, but not to fight against unknown threats. With a million (not an exaggeration) new malware and attacks launched every day, this software has to be updated before the latest threats are detectable and preventable. That means a counter attack has to be planned before days, weeks or months to protect the system against a threat, which is close to impossible. Hence, the only way to protect yourselves from the attack is to stop acting on suspicious e-mails.
Although the outsider attacks play a mother role in a majority of data breaches, industry experts also warned about the growing threat from inside. According to the worldwide survey of Information Security Forum (ISF), ironically, there are certain incidents where the data breaches happened due to employees negligence or lack of awareness in downloading suspicious e-mail attachments.
When it comes to healthcare data breaches, the top five data breaches that happened in the first few months of 2016 didn’t even involve malicious IT hacking. Instead, these breaches occurred due to improper disposal of data and unauthorized e-mail access. Insider threats are hard to detect and prevent. Following a good cyber hygiene is the only way to prevent accidental and unintentional data breaches.
Due to an overwhelming number of data breaches that have happened over past few years, people have started believing that these breaches only happen to get Personally Identifiable Information (PII) as there is a huge demand for this information in the black market. But the fact is hackers are not only after PII, but also working on data targets, like stealing healthcare information, proprietary data, financial data, and other high-value targets.
Publisher