Three Important Questions About Data Breaches
It's no secret that security incidents happen every day. Information on large numbers of people is exposed, and in some cases, the effects on these people's lives are quite serious. A few questions pop up immediately. Here's the first one:
Why do data breaches occur in the first place?
It's simple: because your data is valuable. Let's say your banking card information is stolen from an online shop you've been using. According to reports, credit cards are sold, in bulk, for as little as $5 a pop on the dark web. The hackers that compromised the website have probably made off with not just yours, but hundreds of other cards, which means that they're already looking at a hefty profit. This, obviously, is not the end of it.
Criminals buy stolen cards because they want to indulge in a spot of shopping at other people's expense. Sure, most of the cards they purchase will be canceled by the time they arrive in their hands, but even if a single one is left active, the return on the investment could be significant. Unfortunately, the problem doesn't stop at credit cards.
Large lists of emails addresses, the spammers' lifeline, are bought and sold on the dark web as well. In the past, unsolicited messages revolved mostly around libido-enhancing pills and worthless penny stocks, but since these aren't as profitable as they used to be, the bad guys have moved on to other tactics. Most of the ransomware operators, for example, use spam to infect their victims because it's easy to socially engineer people into opening a malicious file. Once that's done, the hackers just need to sit back and wait for the money flow to begin. And in recent years, the flow has become a torrent.
There are many more ways in which your personal information could be monetized, but listing them all in a single article is just impractical. The bottom line is that the troves of stolen data that get leaked during data breaches are fueling an entire underground industry, and a very profitable one at that. Let's move on to the next question.
What are the mechanisms of a data breach?
Sponsored by IBM Security, the 2017 Ponemon Cost of Data Breach Study is based on 1,900 interviews with people from 419 companies that have suffered a data breach in 2016 and 2017. The report is mostly focused on the financial damage organizations incur after the data is exposed, and it makes for an interesting read. That said, the study also discusses how the incidents happened at the aforementioned 419 organizations.
47% of the data breaches occurred because hackers broke into the system. In the rest of the cases, the data was leaked because of a system glitch or a human error. So, more often than not, the hackers don't even need to put their hoodies on. Sometimes, it's a matter of finding the exposed database and copy-pasting it. This is properly scary stuff, and it brings us on to the final question.
What can we do to prevent data breaches?
Well, you could try waving a magic wand, but unless you have a Hogwarts diploma framed on your wall, you most likely won't be able to stop data from being exposed. Even if you have graduated from a fictional school, you're still unlikely to do anything to effectively stop what is now a growing trend.
As Ponemon's study concludes, data breaches happen because of hackers, software bugs, and human errors. Hackers will continue to hack, software will continue to have bugs, and humans will continue to make mistakes. As grim as it sounds, there's nothing you can do to change that.
What you can do is be careful with your own data. Think about the accounts you have and whether you need all of them. Think about the amount of information you're giving website owners when you're signing up for a new account. Consider how trustworthy the websites you use are.
Last but not least, use different passwords on different websites to ensure that if you fall victim to one data breach, the rest of your accounts will remain intact.