As of 2019, data security landed itself in a dangerous place. Nearly 4,000 data breaches exposed 4.1 billion records, a 54 per cent and 52 per cent respective year-over-year increase.
Even with 2020 underway, the data landscape has not improved. From local governments overrun by ransomware to healthcare companies struggling to treat patients after cybersecurity incidents, today’s technological landscape continues to be in a dangerous place for data security.
It’s a continuation of a trend that’s been building for more than a decade. As more of our businesses and personal lives are brought online, bad actors have a better opportunity to steal valuable information.
The start of a new decade represents a chance to shift priorities to address the most pressing data security threats and trends. In the compliance era we’re in now, here is what’s likely to matter most.
#1 Insider threats
Companies have been slow to identify that a significant data security risk isn’t attributed to existential, external bad actors. Instead, companies’ own employees represent a considerable threat to data integrity.
Verizon’s 2019 Data Breach Investigations Report concluded that nearly ⅓ of all data breaches are the result of malicious or accidental insider threats. In some industries, that number is significantly higher. For instance, in the healthcare sector, insider threats account for 60 per cent of all data breaches, many of them accidental.
In 2019, major data breaches like Desjardins were the result of insider threats, while many more minor data loss events are attributed to the same hazard. This year, it’s time to address insider threats by developing data management expectations and implementing software solutions to provide accountability and endpoint data loss protection. Businesses have many options to choose from in this regard, and adopting the right solutions empowers companies to account for a known, controllable risk, a critical step toward improving their defensive posture in the year ahead.
#2 Increased regulatory oversight
For the past several years, Europe’s General Data Protection Regulation (GDPR) raised the standards for data security at companies around the world. This year, the law began imposing financial penalties on companies that failed to protect customer data. These numbers can reach as high as 20 million euros or 4 per cent of total global turnover. Collectively, the cost of a data breach is expected to rise by two-thirds by 2024, primarily because of regulatory fines and penalties.
Simply put, companies should expect that the financial consequences of a data breach will continue to become more onerous with time.
What’s more, data privacy regulations are becoming a global norm, as other actions, like California's CCPA, will expand the scope of data protection in the year ahead. Therefore, every company should approach data privacy as a bottom-line issue because the accompanying regulatory scrutiny can be costly.
#3 More convincing phishing scams
Despite companies’ best efforts, phishing scams inevitably make their way to employee inboxes, and these malicious messages will only escalate in the year ahead. Phishing scams have increased by double-digit percentages for years. This holiday season alone, phishing emails are up 233 per cent year-over-year.
Phishing scams will progress to be even more convincing as bad actors rely on a deluge of data available from years of data breaches to create authentic-looking spear phishing messages that can easily dupe employees into handing over their credentials or sensitive information.
When this happens, the financial consequences can be extensive. For example, in October 2019, an Ocala employee received a phishing email that contained a fraudulent invoice. Unaware of the scam, the employee paid the bill, totalling more than $600,000.
Notably, companies should expect that phishing scams will deploy the hallmarks of internet security, like HTTPS encryption, to mask their malicious activity.
Credential stealing malware was a scourge on retailers in 2019. Most recently, Macy’s was victimised by Magecart malware, a payment skimming malware that steals the most sensitive customer information. In total, it’s estimated that more than 50,000 companies worldwide have been impacted by payment skimming malware.
Heading into a new decade presents a fresh opportunity to review cybersecurity standards, something that should be a top priority from the onset. Until companies lock down their digital payment systems, bad actors will continue to exploit this avenue, costing companies money and destroying consumer confidence along the way.
#5 Customer revolts
Ultimately, whether customer data is stolen by malware or misused by insider threats, many are unwilling to put up with companies that can’t protect their information. A recent study found that 81 per cent of consumers would stop interacting with a brand online in the wake of a data breach.
Similarly, many customers have made data security a prerequisite toward making purchases. A survey of Australian consumers found that 74 per cent indicated that confidence in a brand’s data security was an important component of the buying process. In other words, consumers are taking control of their digital privacy, and companies that want to meet the moment will similarly value this priority.
Taken together, this new reality should increase the impetus for data security. Indeed, it’s a big ask, but companies have millions of reasons to get this right. By focusing on the threats and trends that matter most, any company can improve its defensive posture, while positioning itself to thrive for years ahead.
Isaac Kohen, VP of R&D, Teramind