If data breaches appear to be happening more often it’s because they are. Cybercriminals are ramping up their attempts to steal and extort companies, which often hold consumer Personal Identifiable Information (PII), Personal Health Information (PHI) and their own intellectual property. In fact, PII and organizational intellectual property were among the most targeted data types in 2022.
Company networks are a wealth of Social Security numbers, contact information, addresses and potentially even payment information. While consumers can be clever with their online presence and increase personal cyber hygiene, organizations should take the lead towards investing in innovative security solutions that prevent criminals from ever entering their systems, as well as developing a comprehensive ransomware defense plan.
Data Breaches Happen
Data breaches happen year-round, meaning security teams and their organizations need to know what they’re up against and how to respond. Cybercriminals are taking steps to steal valuable data before releasing ransomware that notifies organizations of their presence. In a recent study, the ‘State of Data Exfiltration & Extortion 2022’ report, 70% of respondents deployed multiple traditional security solutions covering prevention, detection, recovery, backup and even traditional encryption technologies. While this may paint a grim picture for companies seeking to defend against cyberattacks, much of the battle is simply understanding how data breaches occur, how to defend against them and employing data security solutions that neutralize these attacks in the worst-case scenario.
Ransomware attacks often happen in three stages: infiltration, data exfiltration and system lockup via encryption.
Should bad actors succeed at any of these stages there is the potential for a resulting data breach and, ultimately, exfiltrated data that could be used to leverage victims further.
The Longevity And Reach Of A Data Breach
Stolen data can cause ripple effects spanning years because of cybercriminal access to sensitive information in clear-text format. Credentials such as emails, names, phone numbers and more could now be in the hands of malicious attackers or online for purchase on the dark web. Regardless, this information could then be used to impersonate customers and breach outside systems successfully. This results in a possible waterfall of breaches that could last years after the initial breach. If PII or PHI is involved, this risk increases. Organizations that suffer a data breach could also experience double extortion, meaning they could demand ransom in exchange for initial system recovery and a second round of extortion later. And in all of this, individuals whose PII was breached will always have the potential to be used against them later, leaving them vulnerable and with a poor image of the impacted company.
Some notable data breaches where the impact extended beyond the initial breach or directly impacted customers:
- The 2017 Equifax Breach resulted in millions of Americans signing up for Identity Monitoring Services.
- The 2015 U.S. Office of Personnel Management Breach ultimately spanned from 2013 to 2015 and left millions of public sector employees with their PII stolen. Furthermore, this information is still out there and hasn’t resurfaced.
- The 2019 Facebook Breach and subsequent data leak in 2021 led to millions of individuals’ account information on the dark web.
Neutralizing The Inevitable
Companies are constantly collecting consumer information, and this is unlikely to change. Likewise, cybercriminals will always exist and covet leverageable data. The reality is these attacks are inevitable and are increasing in frequency, according to the ‘State of Data Exfiltration & Extortion 2022’ report. In the previous five years, cases of data exfiltration as part of ransomware attacks have increased by 106% and rising. In 2023, another study conducted reports 41% of respondents expect large corporations to be the most targeted entities this year.
At this rate, data breaches are an inevitable part of the cyber world, and organizations must adapt and overcome these security threats. It is no longer ‘if’ but ‘when’ an organization will fall victim to a data breach and subsequent exfiltration.
How can companies respond?
First and foremost, security teams should begin looking towards prevention and detection solutions that will identify initial attacks and limit blast radius impact. Following this, investment into data security solutions that include advanced options like encryption-in-use technology alongside traditional encryption methods (at rest and in transit) will neutralize any potential data-related leverage, double extortion, or the possibility of data stolen unencrypted even in cases where bad actors abuse valid administrator credentials. Finally, in the worst case, organizations should always have access to backup and recovery tools that enable system restoration and deny cybercriminals their demanded ransoms.
Data privacy is not just a privilege but a right for companies and their customers. By investing in security solution technologies that are innovative and proven to neutralize the impacts of data breaches, such as data-in-use encryption, companies can protect their reputation, their customers, and themselves from the devastating consequences of a data breach.
Arti Raman is the Chief Executive Officer and Founder of Titaniam, a cutting edge data protection company that enables enterprise data to become immune to ransomware attacks, insider threats, or misconfigurations. She is a seasoned executive and entrepreneur who combines intelligence, creativity, and strong process with exceptional people skills. Arti has worked with complex enterprise software for over 20 years including information security, risk management, financial performance management and CRM.