Inside the Ink

November 20, 2019

The Week in Breach: 11/13/19 – 11/19/19

This week, ransomware erodes profitability, healthcare providers struggle to protect PII, and data breaches officially reach an all-time high.

Read More
November 13, 2019

The Week in Breach: 11/06/19 – 11/12/19

This week, healthcare data is targeted by cyber criminals, lax account security compromises PII, and Australian cybersecurity specialists are on the verge of burnout.

Read More
November 11, 2019

The Unseen Consequences of Data Breaches

It’s no secret that the costs associated with data breaches are trending upward at alarming rates. Just this year, IBM’s annual Cost of a Data Breach Study found that the average cost of a single data breach is approaching $4 million. Although IT repair, identity monitoring services, and regulatory fines quickly make their way to financial statements, others covertly chip away at the bottom line over time. Simply put, it’s not enough to add up the quantifiable costs of a breach when assessing the ROI of cybersecurity in the equation. Companies must also factor in the unseen consequences of a data breach, which can often result in even more damage than initial costs. Patching up vulnerabilities and offering free credit monitoring as a post-breach response only treats the symptoms, while the underlying disease continues to progress. Keep reading to learn about four cascading consequences of data breaches that can impact your company in the long run. #1 Reputational Damage Reputational damage and brand erosion in the wake of a breach is not easily measured, as it is carries on for years after news of an attack. The Ponemon Institute estimates that 65% of data breach victims lose their trust in a brand after a data breach. Even worse, consumers voice their displeasure within their circles, a phenomenon that is magnified with the advent of the internet. Interactions Marketing notes that 85% will tell others about the breach, and more than 30% will take to social media to complain about the company. For today’s consumers, a data breach is akin to a scarlet letter that can brand a business for years. Whether it’s an SMB or large corporation, the efforts to overcome this stigma greatly outweigh the costs of protection, since companies often don’t always have a say in whether or not customers will give them a second chance. #2 Customer Attrition As frightening as it may sound, today’s consumers do not forgive companies that cannot protect their data and are increasingly more likely to stop spending altogether after a breach. A recent study by Business Wire found that 81% of consumers would stop engaging with a brand online following a breach, destroying years of relationship-building and promotional efforts. In fact, 80% of customers are willing to take their business elsewhere. Ultimately, customer rejection can be the proverbial nail in the coffin that prevents companies from ever truly recovering from a data breach. It’s estimated that 60% of SMBs fold within six months of a data breach. As one enraged Equifax consumer told The Wall Street Journal, “if I can’t trust Equifax to do their own job, I’m not going to hand them my money and say, ‘Hey, watch this for me.’” This customer’s sardonic take serves as an eerie warning to all businesses: data breaches have lasting effects. #3 Continued Attacks Companies compromised by a data breach can find themselves or their customers victimized again in the future. The rise of credential stuffing attacks makes it increasingly likely that hackers will apply previously stolen data to easily access accounts and IT infrastructure, often without detection. Nearly a quarter of all data breaches occur due to stolen credentials, and successive attacks only make reputational recovery and renewed customer confidence more difficult to achieve. Find out how Dark Web ID™ can shield your organization from credential stuffing attacks here: https://www.idagent.com/dark-web/ #4 Increased Premiums Cybersecurity insurance are becoming a widely adopted practice within the industry, yet their value can be easily skewed. As we reported last month, such plans do not holistically cover the cost of a data breach. As more customers cash in on these insurance plans, the costs increase and companies that file a claim can expect their premiums to rise. Moreover, many businesses discover that their policies provide insufficient protection against financial loss, as insurance companies battle to restrict payouts. In one case, a cyberinsurance company only agreed to pay $50,000 on damages to a company that exceeded $2 million. Cybersecurity insurance is by no means a “silver bullet” and could even invite additional costs after a data compromise. Applying the best solution Although the unseen consequences of a breach may appear worrisome, we’re not here to spell out doom and gloom. By being proactive, you can protect your institution from being victim to a breach, and future-proof yourself in the event of an attack. Cybersecurity needs to be a bottom-line, top priority at every company. Especially for SMBs who often lack the financial and personnel resources to recover from a breach, partnering with a managed service provider can provide the oversight and protection needed to navigate today’s digital environment. ID Agent provides a comprehensive set of people-centric cybersecurity solutions to private and public sector organizations worldwide. See how you can leverage solutions for Dark Web Monitoring, password management, and employee training to safeguard your customers, employees, and organization from breach. Resources https://www.ibm.com/security/data-breach https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf https://www.interactionsmarketing.com/press-releases/interactions-finds-45-percent-of-shoppers-dont-trust-retailers-to-keep-information-safe/ https://www.businesswire.com/news/home/20191022005072/en/ https://www.forbes.com/sites/forbestechcouncil/2017/12/08/mind-the-trust-gap-how-companies-can-retain-customers-after-a-security-breach/#2235b64f6c95 https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html https://www.wsj.com/articles/the-capital-one-hack-life-in-the-time-of-breach-fatigue-11564824600 https://info.idagent.com/blog/stop-credential-stuffing-attacks https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf https://info.idagent.com/blog/the-week-in-breach-09/25-10/01/19 https://slate.com/technology/2018/07/cyberinsurance-company-refuses-to-pay-out-full-amount-to-bank-after-hacking.html

Read More
November 06, 2019

The Week in Breach: 10/30/19 – 11/05/19

This week, negligence compromises user data, hackers attack digital points of sale, and SMBs struggle to hire top cybersecurity talent.

Read More
October 30, 2019

The Week in Breach: 10/23/19 – 10/29/19

This week, ransomware stops a business from shipping products, spear phishing campaign costs a local government thousands, and executives continue to ignore spooky cybersecurity risks.

Read More
October 24, 2019

How to Stop Credential Stuffing Attacks

A quick glance at recent reports or news headlines paints a dismal picture of the data breach landscape in 2019. Both by the measure of the number of companies compromised and the number of records accessed, breach incidents are occurring at a record-setting pace, with over four billion records exposed for misuse and abuse this year.

Read More
October 16, 2019

The Week in Breach: 10/09/19 – 10/15/19

This week, hackers hijack a shoe company’s email list, patients are upset about healthcare data breaches, and Twitter comes under fire for data misuse.

Read More
October 09, 2019

The Week in Breach: 10/02/19 – 10/08/19

This week, hackers make a sport of exploiting online gamers’ data, ransomware prevents patient care, and business leaders lament today’s data landscape.

Read More
October 03, 2019

NCSAM 2019: Cybersecurity is a shared responsibility

If we were to record a time-lapse of cybersecurity awareness over time, it would reveal an exponential curve driven by news headlines of privacy breaches and data misuse. In today’s fast-paced digital environment, the most practical solutions for securing organizations and users are often clouded by bright shiny objects. Recognizing this trend, the theme for this month’s 16th annual National Cybersecurity Awareness Month (NCSAM) is: “Own it, Secure it, Protect it”. Follow along as the ID Agent team breaks down the basics and outlines how cybersecurity is truly a shared responsibility for us all, as consumers, SMBs, and MSPs. You are what you consume In the wake of the heavily publicized Facebook and Cambridge Analytica scandal, it’s no secret that even seemingly innocuous information in our digital profiles is incredibly valuable to hackers. To make matters worse, it is constantly being exchanged on the Dark Web in order to be exploited in the near future. Social media is a double-edged sword, enabling us to innovate and communicate at rapid speeds, but also inviting cybersecurity threats that can compromise personal data. How can we strike the right balance? OWN IT. By understanding your digital profile, keeping privacy settings updated, and monitoring applications, you can take control of your personal information. Vigilance becomes increasingly relevant as we begin to see more social engineering methods, where fraudsters will take the guise of someone you trust in order to siphon your friend’s, family’s, or company’s data.

Read More
September 26, 2019

Best Practices for GLBA and FINRA Compliance

When it comes to security compliance and regulatory oversight across America, no verticals or functions are being spared. The financial services industry is one that has recently come under scrutiny, as stakeholders begin to realize the sensitivity of data flowing through their processes and organizations. Keep reading for a breakdown of Gram-Leach-Bliley Act (GLBA) compliance, along with a checklist of the top 10 cybersecurity best practices as reported by the Financial Industry Regulatory Authority, Inc. (FINRA). Financial Privacy and Safeguards The Gram-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, requires financial institutions to explain how they share and protect their customers’ private information. Additionally, these rules apply to entities outside of the financial services industry that process or receive such information, which can range from real estate companies to tax preparers and more. Below are the two key components to the GLBA, with the second holding specific implications for data security: Financial Privacy Rule – In order to be compliant, organizations must communicate how they share sensitive data, inform customers of their right to opt out of information-sharing agreements, and explain how they protect customer data. Safeguards Rule – Regulating the confidentiality of customer information is separated into three main initiatives: employee security awareness training, information systems, and system failure. Although there are many steps and requirements, we’ve got you covered. With BullPhish ID™, you can check security awareness training off the list and move one step closer to compliance. The ROI of Compliance At this point, you may be wondering why you have to be compliant. The threat of non-compliance penalties may seem enough, amounting to $100,000 per violation, but it barely scratches the surface. Individuals can face additional charges that include prison time, and although the risk of reputational damage is not easily quantifiable, it is often even more crippling. In a world where customer loyalty and trust are king, unauthorized sharing or leaks in customer data can result in brand erosion and revenue loss. Practice Makes Perfect As your go-to solutions provider, we’re not here to spell out doom-and-gloom, but instead to help solve your problems. Click the link below to download the Small Firm Cybersecurity Checklist by FINRA: https://www.finra.org/compliance-tools/cybersecurity-checklist. Ready to take the first step to being GLBA compliant? Learn how BullPhish ID can help you easily manage the recommended security awareness training:

Read More

Please fill in the form below to subscribe to our blog