SafeNet conducted a data breach study examining all the breaches that occurred in the third quarter of 2014 and found a nearly 25 percent increase in attacks compared to the same quarter last year.
It's particularly helpful for IT consultants to look at studies like this because they offer a big picture view, as opposed to media reports that focus on a few data breaches and make them into a spectacle.
SafeNet's study offers a few shocking statistics:
- Only 1 percent of breaches involved encrypted data that was useless to hackers after they stole it.
- 31 percent of breaches targeted retailers, while financial services (42 percent) and technology / social media / online services (20 percent) were the other most commonly breached industries.
- 24 percent of data breaches were caused by accident.
We encourage you to read the full report, but let's break down what IT consultants can learn from the last four months of data breaches.
Why Encryption Is Important for Controlling the Cost of a Data Breach
More IT security professionals are trying to shift the focus away from preventing a data breach to minimizing the damage done by one.
Information technology experts often advise their clients to assume they can't prevent a breach and to store data in a way that minimizes the damage. How do you do this?
- Delete old records you no longer need, keeping only the minimum amount of essential data.
- Make data anonymous (if identification is not necessary for your use).
- Keep sensitive data encrypted while transmitting it, while storing it in the cloud, and in other digital locations.
- Make sure stored data is always encrypted.
Encryption is so important because it can drastically reduce your legal costs. Often, data breach laws offer protection for companies that have encrypted their data. If you lose encrypted data and have no reason to believe that criminals will be able to decrypt it, many states won't even require you to report the breach.
Data Breaches Affect More than Just Retailers
The biggest, highest-profile data breaches usually involve a retailer (e.g., Home Depot or Target), but the retail industry is only the second most common victim of data breaches.
As we saw above, financial services and technology companies together account for 62 percent of breaches. Media outlets are much less likely to be scandalized by data breaches that don't involve crooks stealing credit card data from point-of-sale systems.
The danger here is that your non-retail clients may underestimate their risk exposure. Some clients might not even realize that when they lose non-financial data, it can still count as a data breach. Don't let them make that mistake. (For an example of a recent non-retail data breach, read the post, “USPS Hack Exposes Non-Transactional Data.”)
Careless Mistakes Lead to 24% of Data Breaches
Every year, a surprising number of data breaches are caused by employees making an absentminded mistake like uploading the wrong file or accidentally posting private data. In fact, accidental data loss is the second most common source of data breaches.
When nearly one-quarter of breaches are caused this way, it suggests that businesses aren't training employees properly or that their IT isn't set up in a way that prevents these kinds of slip-ups.
What IT Consultants Can Learn from Data Breach Studies
Data breaches aren't what most people think. There are a surprising number of data breaches that affect small businesses. They're caused by preventable mistakes and made worse by the fact that companies don't encrypt data.
For an IT consultant, the takeaway is that data breaches are often preventable. But investing in new software isn't the only way to prevent a breach. By spending more time managing data and making sure employees use IT correctly, small businesses can reduce the likelihood of a data breach even as attacks become more common.