Category: Data Breach

November 11, 2019

The Unseen Consequences of Data Breaches

It’s no secret that the costs associated with data breaches are trending upward at alarming rates. Just this year, IBM’s annual Cost of a Data Breach Study found that the average cost of a single data breach is approaching $4 million. Although IT repair, identity monitoring services, and regulatory fines quickly make their way to financial statements, others covertly chip away at the bottom line over time. Simply put, it’s not enough to add up the quantifiable costs of a breach when assessing the ROI of cybersecurity in the equation. Companies must also factor in the unseen consequences of a data breach, which can often result in even more damage than initial costs. Patching up vulnerabilities and offering free credit monitoring as a post-breach response only treats the symptoms, while the underlying disease continues to progress. Keep reading to learn about four cascading consequences of data breaches that can impact your company in the long run. #1 Reputational Damage Reputational damage and brand erosion in the wake of a breach is not easily measured, as it is carries on for years after news of an attack. The Ponemon Institute estimates that 65% of data breach victims lose their trust in a brand after a data breach. Even worse, consumers voice their displeasure within their circles, a phenomenon that is magnified with the advent of the internet. Interactions Marketing notes that 85% will tell others about the breach, and more than 30% will take to social media to complain about the company. For today’s consumers, a data breach is akin to a scarlet letter that can brand a business for years. Whether it’s an SMB or large corporation, the efforts to overcome this stigma greatly outweigh the costs of protection, since companies often don’t always have a say in whether or not customers will give them a second chance. #2 Customer Attrition As frightening as it may sound, today’s consumers do not forgive companies that cannot protect their data and are increasingly more likely to stop spending altogether after a breach. A recent study by Business Wire found that 81% of consumers would stop engaging with a brand online following a breach, destroying years of relationship-building and promotional efforts. In fact, 80% of customers are willing to take their business elsewhere. Ultimately, customer rejection can be the proverbial nail in the coffin that prevents companies from ever truly recovering from a data breach. It’s estimated that 60% of SMBs fold within six months of a data breach. As one enraged Equifax consumer told The Wall Street Journal, “if I can’t trust Equifax to do their own job, I’m not going to hand them my money and say, ‘Hey, watch this for me.’” This customer’s sardonic take serves as an eerie warning to all businesses: data breaches have lasting effects. #3 Continued Attacks Companies compromised by a data breach can find themselves or their customers victimized again in the future. The rise of credential stuffing attacks makes it increasingly likely that hackers will apply previously stolen data to easily access accounts and IT infrastructure, often without detection. Nearly a quarter of all data breaches occur due to stolen credentials, and successive attacks only make reputational recovery and renewed customer confidence more difficult to achieve. Find out how Dark Web ID™ can shield your organization from credential stuffing attacks here: https://www.idagent.com/dark-web/ #4 Increased Premiums Cybersecurity insurance are becoming a widely adopted practice within the industry, yet their value can be easily skewed. As we reported last month, such plans do not holistically cover the cost of a data breach. As more customers cash in on these insurance plans, the costs increase and companies that file a claim can expect their premiums to rise. Moreover, many businesses discover that their policies provide insufficient protection against financial loss, as insurance companies battle to restrict payouts. In one case, a cyberinsurance company only agreed to pay $50,000 on damages to a company that exceeded $2 million. Cybersecurity insurance is by no means a “silver bullet” and could even invite additional costs after a data compromise. Applying the best solution Although the unseen consequences of a breach may appear worrisome, we’re not here to spell out doom and gloom. By being proactive, you can protect your institution from being victim to a breach, and future-proof yourself in the event of an attack. Cybersecurity needs to be a bottom-line, top priority at every company. Especially for SMBs who often lack the financial and personnel resources to recover from a breach, partnering with a managed service provider can provide the oversight and protection needed to navigate today’s digital environment. ID Agent provides a comprehensive set of people-centric cybersecurity solutions to private and public sector organizations worldwide. See how you can leverage solutions for Dark Web Monitoring, password management, and employee training to safeguard your customers, employees, and organization from breach. Resources https://www.ibm.com/security/data-breach https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf https://www.interactionsmarketing.com/press-releases/interactions-finds-45-percent-of-shoppers-dont-trust-retailers-to-keep-information-safe/ https://www.businesswire.com/news/home/20191022005072/en/ https://www.forbes.com/sites/forbestechcouncil/2017/12/08/mind-the-trust-gap-how-companies-can-retain-customers-after-a-security-breach/#2235b64f6c95 https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html https://www.wsj.com/articles/the-capital-one-hack-life-in-the-time-of-breach-fatigue-11564824600 https://info.idagent.com/blog/stop-credential-stuffing-attacks https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf https://info.idagent.com/blog/the-week-in-breach-09/25-10/01/19 https://slate.com/technology/2018/07/cyberinsurance-company-refuses-to-pay-out-full-amount-to-bank-after-hacking.html

Read More
July 31, 2019

Capital One Suffers Massive Data Breach

There was a time when bank robbers resembled the stereotype of a bandit or a pirate. In reality, modern bank robberies are much less like an Ocean’s Eleven movie and more of a person sitting behind their desk eating yogurt and probing networks for vulnerabilities. While we can’t verify the type of food that was eaten during the recent Capital One Financial Corporation breach, we do know what was taken and how. Paige Thompson, AKA “erratic,” a former software engineer, stole more than 100 million Americans’ information and another 6 million Canadians’ sensitive information in the breach. Capital One was made aware of a configuration vulnerability on July 17th when an ethical hacker discovered the data on Github and reported it to the bank. While investigating and fixing the vulnerability, the bank revealed that a third party had gained access to their system in March of this year. Capital One immediately fixed the vulnerability and contacted the FBI to conduct a criminal investigation. The list of information stolen is not pretty and is quite long. Compromised data includes: Names, dates of birth, phone numbers, email addresses, home addresses, zip codes/postal codes, self-reported income, credit card application data, credit scores, credit limits, balances, payment history, transaction data, US Social Security Numbers, bank account numbers, and Canadian Social Insurance Numbers, It should be noted that Capital One responded immediately to this breach and has since strengthened its cybersecurity defenses, but one cannot help but wonder how that much sensitive data was exposed on a popular public website from March to July without the bank realizing it was missing. Not only that, but what if the hacker decided to sell the information in a more secure location such as the Dark Web. Fortunately, the main suspect behind this digital bank heist was apprehended quickly. Today’s robberies may use less dynamite and guns, but the catastrophic effects are typically long-lasting and far-reaching. Now more than ever, individuals and businesses need to take responsibility for proactively protecting their digital credentials and assets. ID Agent provides monitoring and alerting for businesses when their employees’ credentials have become exposed on the Dark Web by offering Dark Web ID™ through the MSP channel. We also offer personal identity monitoring through our MSP Partners so that individuals can have peace of mind that they are covered when data breach occurs. SpotLight ID™ can be purchased directly from MSPs by individuals, or by business owners as a tax-free employee benefit. Contact [email protected] to learn more.

Read More
May 30, 2019

You’ve Been Breached: Now What?

So you’ve been breached. Now what? Once the dust has settled use it as a learning opportunity & tune up your cybersecurity plan. We can help.

Read More
September 08, 2017

Equifax’s Giant Security Breach – Inside Job?

Equifax’s giant cybersecurity breach announced yesterday – one of the worst ever – compromised the personal information of almost half the U.S. – potentially 143 million Americans. Residents in the U.K. and Canada were also affected. Based on Equifax’s investigation, the unauthorized access occurred from mid-May through July 2017.

Read More
June 16, 2017

63% of Data Breaches Result From Weak or Stolen Passwords

In its recent 2016 Data Breach Investigations Report, Verizon Enterprise confirmed many industry trends that we see at ID Agent every day. The most glaring blind spot for organizations is how stolen credentials are the primary means by which hackers exploit their vital systems.

Read More
April 27, 2017

The Anatomy of an Email Data Breach

Verizon’s recent announcement of a data breach in their Enterprise Solutions unit is just the most recent of a staggeringly high number of organizational data breaches in the U.S.

Read More
April 20, 2017

How to Identify and Prevent Insider Data Breaches

A little known fact about corporate identity theft is that a large percentage of data breaches originate inside the organization’s walls. A recent report by Intel estimates that 43% of data breaches are the result of insider threats. Half of the insider breaches came from employee negligence and half came from malicious actions.

Read More
March 06, 2017

Speed: The Crucial Element in Data Breach Detection and Response

If you think you’re immune from hackers, consider this USA Today headline from March 25, 2016:1.5M Customers of Verizon Anti-Hacking Unit Hacked. We bring this headline to your attention not to cast aspersions on Verizon, but to illustrate that no organization is immune from hackers.

Read More

Please fill in the form below to subscribe to our blog