Important Data Breach Issues in 2020

Important Data Breach Issues in 2020

Jan 03, 2021 / Kron

The news that large companies thought to have implemented strict data security measures had their data leaked occupied the agenda throughout 2020. The truth is, wherever there is an internet connection, remote data breaches may occur. And this means that companies that do not take action against cyberattacks may be exposed to data breaches at any time. In this article, we take a closer look at the 2020 data breaches and the measures companies can take based on the lessons learned from these incidents...

What is a Data Breach?

First of all, let's take a look at what is a data breach. A data breach can be defined as a security incident that occurs as a result of unauthorized access to confidential data, medical records, financial, personal, or corporate information by malicious individuals or insider threats within the organization. Data breaches, which are among the most common cybersecurity vulnerabilities, can be very costly for companies both financially and in terms of reputation. Data breaches can affect all industries and pose a threat to businesses of all sizes, small or large.

So, What Are the Types of Data Breaches?

With the transition of millions of employees to remote working models in 2020due to the pandemic, the digital transformation processes of organizations unexpectedly accelerated. This lead to an increase in data breach incidents. The most common types of data breaches in 2020 were:

  • Accidentally exposed: Accidental vulnerabilities, such as the sharing of sensitive information or credentials in an accessible location by anyone on the web
  • Unauthorized access: Malicious actors accessing information and cloud systems, confidential data, by exploiting authentication and authorization control system vulnerabilities
  • Data in motion (Data in transit): Perpetrators accessing sensitive data transmitted openly using HTTP or other unsafe protocols
  • Employee error: Attackers gaining access to data by exploiting weak corporate security systems and individual vulnerabilities
  • Hacking: The most common data breach situation where an outside attacker steals confidential data using phishing, malware, ransomware, or social engineering
  • Internal thefts: Current or former employees accessing and leaking confidential data to harm the company
  • Physical theft: Theft of smart devices such as phones or tablets, computers, or the capture of data stored on these devices

Why Are Data Breach Issues Important for Enterprises?

For enterprises, a data breach is not just a security issue, it is an issue that needs to be addressed in terms of legal obligations. A data breach is defined in the General Data Protection Regulation (GDPR) of EU legislation as “… a security breach that leads to the accidental destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or processed”. The Personal Data Protection Law defines a data breach as “… obtaining of the processed personal data illegally by others…”. Regardless of the extent of the data breach, cybersecurity incidents at some point infiltrate the public agenda and cause enterprises to suffer serious reputational losses. Companies that condone the loss of reputation as well as the violation of the personal data they are obliged to protect, may face serious sanctions under the Personal Data Protection Law.

Important Data Breach Events in 2020

In just the first 6 months of 2020, 16 billion data records were captured by cyber criminals. Data breach incidents experienced by world-renowned companies are an indicator of the increasing importance of cyber security. Here are the prominent data breach events in 2020...

  • World-famous gaming giant suffered a massive cyberattack

    In March 2020, rumors began to circulate that a Japan-based video game company was being hacked. The company soon confirmed these rumors. The attack, which involved unauthorized access to 160,000 user accounts, had worldwide repercussions. After attackers made in-app purchases with financial data from the captured user accounts, the company recommended account holders to use a two-step password verification method.

  • Data breach experienced by Europe's famous airline company affected millions of passengers

    The data breach incident experienced by an airline operating in Europe in mid-2020 had great impact, resulting in the stealing of the data of 9 million passengers worldwide, also affecting 6,846 people in Turkey. The attack, organized by professional hackers, was carried out with custom-made malware that obtained passenger reservation information. The attack took place over a long period of time and was noticed quite late, causing increasing damage. The company is now facing multi-million pound lawsuits.

  • The information of 250 million users of a social media giant was stolen

    On July 15, 2020, the world agenda was shaken by a data breach incident related to a popular social media platform. As a result of the incident, the accounts of the managers of giant technology companies such as Elon Musk, Jeff Bezos, Bill Gates, and other large companies with millions of followers were hacked. As a result of the targeting of high-profile accounts, the value of the company's shares traded on the stock exchange plunged. Another of the consequences of this attack perpetrated by a 17-year-old hacker and his accomplices using social engineering and phishing methods, was Bitcoin theft. The attackers stole hundreds of thousands of dollars worth of Bitcoin with the shares from the accounts they hacked.

What to Do to Prevent Data Breaches

What happened in 2020 proved that data breaches can affect everyone. So, what should companies do to protect themselves from data breaches?

Generally, measures include making sensitive data (or information) inaccessible through encryption, protecting sensitive data with data masking methods, strengthening weak account information, and increasing security layers by using additional security features like two-factor authentication (2FA). It is also important to keep software on devices up to date, to require all devices use a professional VPN service and antivirus software, and to encourage user-friendly cyber security applications. Implementing powerful solutions for access security should be among the primary goals of any company that wants to be protected from data breaches. Using multi-factor authentication solutions, making use of tools that can detect threats at endpoints, and developing rapid response methods are among the organizational measures that can be taken against data breaches.

One of the most effective methods of ensuring cyber security and preventing data breaches within the company is to utilize Privileged Access Management (PAM) solutions, which enable the monitoring and control of users accessing critical data. With Kron's exclusive access management platform, Single Connect, you can protect your business from cyberattacks by ensuring high level security while accessing critical data.

Other Blogs