2017 was a banner year in cybersecurity for both the right and wrong reasons. We saw an influx of companies embracing stepped-up authentication strategies, including biometric authentication, to enhance security and improve end-user privacy. But we also saw a rise in cyber attacks and severe data breaches. Worst of all, many of the biggest breaches were made possible by a simple failure to follow proper security procedures.
The Bigger They Are…
The most newsworthy, and frightening, breach of the past year was the Equifax leak. It was a lesson in both what not to do with customer data, and how not to respond to a breach. The Equifax website had an identified web-application security flaw that the firm failed to patch for two months. The breach easily let hackers access the firm’s databases and steal the financial data of more than 143 million Americans.
What’s worse, though, is how Equifax handled the breach. The firm failed to report the incident for a full two months after detecting it, giving the data thieves more time to leverage consumer data before consumers had time to protect themselves. And, once it did reveal the breach, the firm sent consumers to the wrong link to check if they’d been compromised and in general handled the publicity of the event very poorly. Even then, after fixing the link, the company made those checking to see if they were compromised enter their information into an unsecured site – then offered them Equifax’s standard credit protection for a fee. The company later apologized and offered free credit monitoring and freezes for those who wanted them.
Equifax may be the poster child for who not to imitate when it comes to a data breach, but the company’s breach wasn’t even the biggest in 2017.
The Harder They Fall
Beyond Equifax, three firms saw massive breaches: Deep Root Analytics, River City Media, and an online spam group called the Onliner Spambot. All three had databases compromised after failing to properly secure access to them, leaving the records of millions vulnerable. From email addresses to voter information, the three companies account for more than 1.3 billion records compromised in 2017, possibly more.
Other high-profile companies saw major breaches in 2017 as well, including ride-sharing giant Uber and Verizon. From the Uber hack, 600,000 drivers had their Social Security numbers potentially compromised, while at Verizon, the stolen data could lead to further threats that are yet unknown.
Down the Data Breach Spiral
For any organization, a data breach could be a death knell. From the public fallout to the financial impact of recovery, often only companies with a comprehensive cybersecurity strategy are able to survive. The fate of these companies often relies on their ability to react quickly and well, and how willing they are to change their approach to security afterward. Avoiding a breach in the first place requires a heavy commitment to strong authentication as part of identity and access management, turning away from password-based security in favor of multi-factor authentication, biometrics, and other next-generation tools.