In 2015 Uber, the world’s largest taxi company owns no vehicles, Facebook the world’s most popular media owner creates no content, Alibaba the most valuable retailer has no inventory and Airbnb the world’s largest accommodation provider owns no real estate. This statement made me think about these companies and what, in the absence of tangible assets could their most valuable asset be? It’s simple; it’s in the millions of data records which each of these companies holds.
Reports of data breaches are all too common these days hitting some of the biggest names in business such as Sony, Target and Home Depot. Whilst the big brand names occupy the media headlines, business owners should no longer be complacent towards the value of the data within their business. It is no longer a case of if but when a business will suffer a security breach. It’s time for every business to start treating data as an asset. To today’s cyber criminal, data is the new cash!
Cyber Criminal Activity
Findings from the 2014 Gemalto Breach Level Index found that over 1 billion records were successfully intercepted by cyber criminals earning 2014 its name as the “Year of the Hack”. In comparison to 2013, this represented a 78% increase in the number of breach incidents. That equals 2.8 million records stolen every single day!!
As large corporate companies sit up and take note of the increasing threat, cyber criminals are recognising that small to medium sized enterprises are easier targets where online security tends to be weaker due to a lack of trained resource and robust security policies.
Recently Bitglass undertook an experiment geared towards understanding what happens to sensitive data once it has been stolen. In the experiment, a fake list of 1500 employees which included social security numbers, credit card numbers, addresses and phone numbers travelled the globe, landing in five different continents and 22 countries within two weeks.
The experiment offers insight into how stolen records from data breaches are shared, bought and then sold on the black market. The falsified data was placed on Dropbox as well as on seven Dark Web sites believed to be frequented by cyber criminals.
The result of the experiment found that within 12 days the data was:
- Accessed from five continents – North America, Asia, Europe, Africa and South America
- Accessed from 22 countries – United States, Brazil, Belgium, Nigeria, Hong Kong, Spain, Germany, the United Kingdom, France, Sweden, Finland, the Maldives,
- New Zealand, Canada, Norway, the Russian Federation, the Netherlands, the Czech Republic, Denmark, Italy, Turkey
- Accessed most often from Nigeria, Russia and Brazil
- Viewed 1,081 times, with 47 unique downloads.
Treat every record within your business as if it has commercial value. It may look like a list of names and addresses but the underground hacker markets are thriving with counterfeit documents to further enable cyber criminals to then utilise the compromised data to commit online fraud and identity theft.
Protect Your Data
Simple Steps to Protect Your Data:
- Manage email security and validate potential threats.
- Enforce strict password policies and ensure that passwords change on a regular basis.
- Manage privileged user accounts.
- People can often be the weakest link. Invest in your people and train your employees.
- Ensure that your software is up to date and that security patches are set up to automatically update.
- Implement a robust records management policy and only store data for as long as it is required.