Although business owners are adopting more strategies to outwit cyberattackers bent on stealing consumers' sensitive data – such as with credit card processing software – hackers are refining their tactics as well. The lengths to which they've gone were evidenced last year, as data theft incidents reached a regretful record.
There were approximately 1,579 data breaches in the U.S. during the 2017 calendar year, according to recently released figures computed by the Identity Theft Resource Center. Not only was that higher than the total recorded in 2016, but it far exceeded it, jumping 45 percent.
"The business sector felt the majority of data breaches in 2017."
No industry was affected at a more prevalent rate than business. Indeed, 55 percent of breaches impacted the business industry, according to ITRC, with medical and health care in a distant second at 24 percent and banking rounding out the top three (9 percent). Education and government accounted for 8 percent and 5 percent, respectively.
In the health care sphere, insufficient training appears to be exacerbating the cybersecurity issue, according to audit and advisory firm KPMG. Of the 154 health care and science leaders that took part in a recent poll led by KPMG, a slight majority said they weren't aware of what the protocol was for how to deal with these events.
"To borrow a phrase from the movie Cool Hand Luke, 'what we've got here is a failure to communicate,' and that certainly applies to health care organizations in their cyberattack protocols and response plans," warned KPMG cybersecurity expert Michael Ebert. "Health care IT leaders need to communicate more effectively and frequently about the tremendous risks and potential ramifications tied to cyber incidents, and that includes training."
8 in 10 businesses hit by breach worldwide
The latest statistics on cybersecurity follows a similarly worrisome report, which showed the vast majority of companies worldwide experienced at least an attempted breach in 2017. According to the Kroll Annual Global Fraud & Risk Report, 86 percent of executives were impacted by an incident associated with the illegal access of financial data, a 1 percent increase from 2016.
When Social Security data is exposed, it can present a host of issues that can be difficult to reverse for those affected. This may explain why this type of data was attackers' prime target in 2017, with 158 million of them uncovered, based on data from the ITRC. Around 20 percent of these incidents were obtained through debit and credit card processing.
Karen Barney, director of program support at the ITRC, indicated that identity theft most definitely falls under the crimes of opportunity banner, as there are numerous avenues through which consumers' sensitive data can be obtained.
"While a Social Security number continues to be the most valuable piece of information in the hands of a thief, even the exposure of emails, passwords or usernames can be problematic as this information often plays a role in hacking and phishing attacks," Barney explained, according to Information Security Media Group.
60 percent of breaches hack-related
Hacking was the lead method of operation for cyber thieves, ISMG reported from the study. Around 60 percent of the successful attempts were hack-related, with phishing being the most common at 21 percent. Malware breaches were the second-most frequent at 12 percent, followed by credit card skimming (2 percent).
Eva Velasquez, president and CEO of ITRC, told Information Security Media Group that the best data breach reports are highly detailed, because they provide information on what strategies cyber thieves are using. Fortunately, more businesses are putting this knowledge into practice.
"We're seeing more transparency from companies, including the actual number of records impacted," Velasquez said.
So long as businesses are processing payments, cybertheft is not only possible, it's probable. Get in touch with 911 Software to learn more about implementing an effective and preventive point of sale system.