ITRC Insights: Breaking down 2017’s cybersecurity breaches

March 23, 20185 Minute Read

Select article text below to share directly to Twitter!


Not a month goes by without news of the latest, greatest cybersecurity breach—Equifax, Uber, WannaCry, oh my! Even with current IT security solutions, companies struggle to stay ahead of quickly evolving hacking methods. The most recent Cyberthreat Defense Report found 79 percent of networks were breached in 2017, and on top of that, cyber attacks are expected to cost the world $2.1 trillion in 2019.

These breaches happen across every vertical, and no industry is immune. Businesses of all sizes and in all sectors need to prepare, but the pain points aren’t always the same—there are nuances to dealing with cybersecurity threats in each sector you should be aware of to deploy the right IT security solutions and adequately protect your business.

That said, the best way prepare for the future is to analyze and learn from the past. Let’s take a look at the Identity Theft Resource Center’s (ITRC) annual report, which was published at the end of 2017 and breaks down security breaches into five categories.

Protect your business—no one is safe

ITRC tracked 680 business breaches in 2017, compromising almost 160 million records. From Zillow to Red Lobster, customers’ personal data was under siege. Why is the business sector such a target? Not only do they hold troves of customer data, but they can also represent low-hanging fruit. If even large, tech-savvy companies, like Yahoo and Uber, struggle to prevent breaches, how prepared can a local deli chain be?

In addition, there aren’t as many compliance regulations in business as there are in banking or healthcare, which allows vulnerabilities to go unnoticed—until exploited. Too many organizations don’t invest enough in security up front. A common problem is overlooking endpoints, like employee mobile devices or printers. Businesses can better protect themselves by investing in technology, such as printers with embedded security features, which provide continuous monitoring and self-healing capabilities in the event of an attack. This takes some of the burdens off of IT.

Lock down all banking, credit, and financial data

Data breaches are on the rise in financial services. ITRC tracked 99 breaches compromising 2.9 million records in the financial sector in 2017. The worst part? Human error tends to be the biggest vulnerability—58 percent were due to human error, such as falling prey to a phishing scam that led to a malware infestation.

Another pain point is digital transformation. Financial services organizations are transitioning from old-school, legacy systems to new technologies, like cloud, big data, and container solutions, but this creates security risks. Thales Security, in its 2017 Data Threat Report, found 96 percent of respondents will “use sensitive data in advanced technology environments” this year, while 47 percent are deploying these technologies in advance of having appropriate levels of data security in place.

To better protect your financial institution, you need to ensure the organization’s data security advances hand in hand with your infrastructure. You should also increase use of fraud-detection mechanisms to identify problems before they explode and ramp up employee education efforts.

Teach the education industry about strong security

The education sector experienced 116 breaches of 1,146,861 records last year. This vertical has become a regular site of hacks and data breaches—for example, the University of California at Berkeley discovered a cyber attack on a university computer system that held financial data for 80,000 people, including students, alumni, faculty, and vendors. Internet security firm FireEye also found 550 universities reported some type of data breach between 2006-2013. Some of these breaches, such as those at Penn State and the University of Virginia, were attributed to Chinese hackers, leading to suspicions about nation-state attacks.

For educational institutions, the top threat is malware. College IT teams can boost security by implementing persistent malware protection mechanisms and making sure all antivirus software is up to date. All incoming and outgoing traffic should be monitored for suspicious behavior.

Password exposure is another issue entirely. People on college campuses tend to use convenient but weak passwords, according to SecurityScorecard. Schools can reduce this risk by establishing stricter policies and controls around password security.

Batten down the hatches in government

The government sector saw 70 breaches compromising nearly 6 million records in 2017. Protecting government data, whether it’s Geauga County in Ohio or the Texas Department of Agriculture, is key to keeping the country running. However, tight budgets, bureaucracy, and outdated technology still plague government institutions. A 2016 report from the Government Accountability Office (GAO) revealed the Defense Department still uses floppy disks and the IRS relies on software from the 1950s.

Another government issue with IT security is contractors. The exposure of 198 million voter records in 2017? That happened because a data firm called Deep Root Analytics failed to put up access protections, making the information viewable to anyone who could guess the Amazon subdomain.

To improve government cybersecurity, switching out legacy hardware and software with newer technology is important, as is securing endpoints. Research from a GovLoop and HP study found 58 percent of government employees said they need color printing at their agency on a regular basis, so printer security, as well as mobile security, need to be priorities.

Tighten medical and healthcare IT environments

The ITRC logged 374 breaches in the healthcare industry, compromising over 174 million records in 2017. This aligns with the findings of the Healthcare Industry Cybersecurity Task Force report in 2017, which deemed healthcare cybersecurity in “critical condition.” One of the top issues in 2017 for healthcare was the lack of a capable security workforce—three out of four hospitals don’t have a designated security person. This, combined with the fact that healthcare data is so sensitive, makes the industry a prime target for cybercriminals deploying ransomware.

Another issue with the healthcare vertical is the Internet of Things. As tools, like telemedicine and smart monitors, become more mainstream, new endpoints will have to be protected. Hospitals need to focus on vendor risk, risk assessment, and breach response. For example, organizations can require third-party partners to pass a risk assessment standard.

No two verticals face the same security challenges, but all need to make cybersecurity a priority in 2018. Start making changes today, and you and your organization will be able to pivot and adapt to the evolving IT landscape in the future—and hackers will know to stay away.

  • Recommended for you
  • Recommended for You