The Ubiquity Of Data Breaches

-

 BY ROHAN GOPAL 


“The social engineering that occurred on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. A successful attack required the attackers to obtain access to both our internal network as well as specific employee credentials that granted them access to our internal support tools. Not all of the employees that were initially targeted had permissions to use account management tools, but the attackers used their credentials to access our internal systems and gain information about our processes. This knowledge then enabled them to target additional employees who did have access to our account support tools. Using the credentials of employees with access to these tools, the attackers targeted 130 Twitter accounts, ultimately Tweeting from 45, accessing the DM inbox of 36, and downloading the Twitter Data of 7”, reads the official statement from twitter, admitting its recent data breach. Companies and customers around the world are no more alien to this term, ‘data breach’. The term has become synonymous with every company. From small to behemoth corporations, all have felt the wrath of data breaches in recent times. Even as I write this article, a notification pops on my screen stating a massive data breach at LinkedIn affecting 500 million users. This portrays the ubiquity of data breaches in this digitised world. The issue of data breach has particularly accelerated post pandemic as companies switched all their operations online making themselves more susceptible to hackers. For instance, take the case of India which recorded a mammoth increase of 37% data breach cases this year as compared to the previous year. The biggest of these was of course towards the latter part of the year when in November, a data breach at India’s biggest online grocer - BigBasket, affecting nearly 2 crore users was brought to light. It was alleged that the contacts, email addresses, passwords and house addresses of these 2 million people were put up for sale on the dark web to the tune of 40,000$.  

It is said that the process of data breach takes a hacker lesser time than it takes to prepare a cup of coffee. While unearthing, or even taking cognizance of the breach takes years. It is estimated, that on average, a company takes about 200 days to identify and another 70 days to contain a data breach.

The adverse impact of such breaches on the companies and customers alike are manifold. The ever-increasing cases of data breaches takes a toll on the finances of the company in the sense that companies have to shell out whopping sums of money on cyber-security. Then, data breaches involve a lot of costs that need to be spent on the investigation of a breach. Breaches also attract a significant sum of legal and regulatory fines from the regulators. In addition to the financial toll, data breaches can have devastating and irreparable long-term impacts on the company by severely tarnishing its brand reputation. Breaches expose sensitive customer data to the hackers like their contact details, passwords, credit card or other bank information which is then sold off to third parties for monetary gains. Customer trust is severely eroded in such scenarios which is bound to make them apprehensive about the company’s future. The result is a loss in revenues for the company.

Data breaches are equally, if not more, catastrophic for the company from the standpoint of competition. When the sensitive information of the company like its financial information (the one which can be accessed by insiders only), its policies and other intellectual property are forcibly unveiled to the general public, the company’s rivals are set to make use of it. This can translate to the company losing its market share.

Another point worth noting in the case of breaches is that, owing to the above stated impacts a breach has on a company, the company’s valuations take a turn for the worse. Consider the case of yahoo which was the recipient of 2 massive data breaches in 2016 which compromised over a billion accounts! When Verizon acquired the company later that year, it offered yahoo 350 million$ less than what was agreed on initially!

The disastrous effects that a data breach threatens to inflict on a company are one of the company’s worst nightmares. It is imperative for companies to safeguard themselves from these breaches in order to maintain their position and reputation in the market. In order to do that, the company first needs to identify the causes of data breach. Employees are said to be the weakest link in the data security chain. Majority of the data breaches occur as a result of employee manipulation by the hackers. This makes the employees extremely susceptible to a phishing attack as was seen in the recent data breach case at twitter. So, employee training takes the primary importance in this aspect. Along with this, the software needs to be regularly updated since older software are more vulnerable when it comes to data security. Conducting regular audits is another way of ensuring the privacy of customer information.

To conclude, it would be prudent to reiterate that as data breaches become increasingly common, it would augur well for every company, irrespective of its size, to safeguard itself and its customers from the ordeals of cybercrime. It is no longer a matter of ‘if’ but ‘when’ a business is going to be targeted.