2015 will be remembered as the year corporate data loss entered the mainstream. Throughout the year, it seemed like every week there was news around a new data breach or cyber attack.
Research from a number of sources, including the 2015 Cyberthreat Defense Report and the Privacy Rights Clearinghouse, has shown a steady increase in breaches since 2014. As a result, data security has been centre stage, both in the media and in the boardroom. However, while it may have looked like no firm was safe, there were clear winners and losers when it came to data security in 2015.
With this in mind, we’ve taken a look at all of the major data stories from 2015 to reveal our data loss winners and losers.
Data Loss Losers:
Most people, when asked about data breaches in 2015, would be able to name at least one of the companies affected. That’s because 2015 saw so many household names suffer a serious leak of customer data. From Carphone Warehouse and TalkTalk to Moonpig and Thomson, it seemed like any firm could be next to suffer a breach.
What was more worrying was the variety of methods by which these breaches occurred, from vulnerabilities in a mobile app to external cyberattacks and misplaced emails. For any organisation in 2016, the key takeaway here is not just that no business is safe, but that there is almost a limitless number of ways a company can lose data.
The fallout from major data breaches in 2015 and earlier hasn’t just affected the companies involved. The impact of these breaches has been felt much more widely than that. Seeing the damage caused to those organisations suffering from a data breach is causing others to look at how they use their own data.
Nowhere is this more serious than with the NHS’s care.data service, which is currently on hold due to concerns over the security of patient data. However, by rejecting data-led initiatives out of hand, businesses are putting productivity gains, reputation and ultimately their competitive edge at risk.
Internet of Things
2015 saw a number of advancements in the area of the Internet of Things and connected devices. However, for all the benefits of a connected fridge or heating system, there is a much darker side. News broke earlier in the year of a demonstration of a zero-day exploit of a vehicle’s entertainment system, allowing the hackers to remotely control the car’s electronics and cut power to its engine.
While connected devices are still in relatively early stages of their development, it demonstrates that any internet-enabled object can be compromised. This can have serious consequences in a corporate context if it opens up the network to hackers. Research by HP has highlighted that many connected devices don’t even use basic security measures, making them an obvious route for hackers to exploit.
Data Loss Winners:
One winner in 2015 was data protection regulation, particularly the Data Protection Act. There were a number of high profile fines handed out by the Information Commissioner’s Office in 2015 for breaches of the Act, including £160,000 for South Wales Police and £175,000 for an insurance provider.
At the same time, the European Union General Data Protection Regulation (EU GDPR) became increasingly important as businesses throughout Europe started to run out of time to become compliant with this Regulation. What’s more, after 2016, the consequences of a data breach – with the EU GDPR in force – will be much more serious than at present. Businesses of all sizes are realising compliance with the EU GDPR and the Data Protection Act has never been more important.
Effective data protection policies
2015 was also a good year for data protection policies. Nothing makes businesses more likely to reassess the protection they’ve got in place against data loss than seeing household names fall victim to a data breach. However, there’s a big difference between reminding your staff to update their passwords and ensuring your data protection policies are as robust as possible. The coming year should see organisations of all types ensuring they’ve got a three step process in place for protecting data. To be truly effective, this holistic approach should cover data usage policy, employee training and technology designed to protect your endpoints and the data they contain.
Of course, it could be argued that the ultimate winners in 2015 were the hackers themselves, who managed to breach the defences of so many firms. However, businesses looking to next year and beyond can learn from this to ensure they don’t become 2016’s data loss losers. Data breaches can hit any firm, of any size, in a number of ways, and hackers are always trying to find new vulnerabilities.
As a result, there has never been a better time to assess what can be done to guard against data loss. It’s likely there will be even more data breaches in 2016, and businesses need to act now to ensure they don’t become data loss losers in 2016.
James Pattinson, Vice President, EMEA, Absolute
Image source: Shutterstock/wk1003mike