Important Data Breach Issues in 2020
The news that the data of even the giant companies leaked, which are considered to have certainly taken strict measures regarding data security, occupied the agenda throughout 2020. The truth is wherever there is an internet connection, remote data breaches may occur. And this means that companies that do not take action against cyberattacks may be exposed to data breaches at any time. In this article, we take a closer look at the data breaches talked a lot about in 2020 and the measures that companies can take based on these problems...
What is a Data Breach?
First of all, let's take a look at what is a data breach. A data breach can be defined as a security incident that occurs as a result of unauthorized access to confidential data, medical records, financial, personal, or corporate information by malicious individuals or insider threats within the organization. Data breaches, which are among the most common cybersecurity vulnerabilities, can be very costly for companies. It also causes a loss of reputation. Data breaches that can affect all industries pose a threat to businesses of all sizes, small or large.
So What Are the Types of Data Breaches?
With the transition of millions of employees to remote working systems due to the pandemic in 2020, the digital transformation processes of organizations unexpectedly accelerated. Therefore, more incidents happened regarding data breaches. The most common types of data breaches in 2020 were:
- Accidentally exposed: Accidental vulnerabilities, such as the sharing of sensitive information or credentials in an accessible location by anyone on the web
- Unauthorized access: Malicious actors accessing information and cloud systems, confidential data, by exploiting authentication and authorization control system vulnerabilities.
- Data in motion (Data in transit): Perpetrators accessing sensitive data transmitted openly using HTTP or other unsafe protocols
- Employee error: Attackers gaining access to data by exploiting weak corporate security systems and individual vulnerabilities
- Hacking: The most common data breach situation where an outside attacker steals confidential data using phishing, malware, ransomware, or social engineering
- Internal thefts: Current or former employees accessing and leaking confidential data to harm the company
- Physical theft: Theft of smart devices such as phones or tablets, computers, or the capture of data stored on these devices
Why Are Data Breach Issues Important for Enterprises?
For enterprises, a data breach is not just a security issue, it is an issue that needs to be addressed in terms of legal obligations. The data breach is defined in the General Data Protection Regulation (GDPR) of EU legislation as “… a security breach that leads to the accidental destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or processed”. Personal Data Protection Law defines a data breach as “… obtaining of the processed personal data illegally by others…”. Regardless of the extent of the data breach, cybersecurity incidents at some point infiltrate the public agenda and cause enterprises to suffer serious reputational losses. Companies that condone the loss of reputation as well as the violation of the personal data they are obliged to protect, may face serious sanctions under the Personal Data Protection Law.
Important Data Breach Events in 2020
In just the first 6 months of 2020, 16 billion data records were captured by cyber criminals. Data breach incidents experienced by world-renowned companies are an indicator of the increasing importance of cyber security. Here are the prominent data breach events in 2020...
- World-famous game giant suffered a massive cyberattack
In March 2020, rumors began to circulate that a Japan-based video game company was being hacked. The company soon confirmed these rumors. The attack, which involved unauthorized access to 160,000 user accounts, had a worldwide repercussion. After attackers made in-app purchases with financial data from the user accounts, the company recommended account holders to use the two-step password verification method.
- Data breach experienced by Europe's famous airline company affected millions of passengers
The data breach incident experienced by an airline operating in Europe in mid-2020 had a great impact. The data breach experienced by the airline, which causes the stealing of the data of 9 million passengers worldwide, also affected 6,846 people in Turkey. The attack, organized by professional attackers, was carried out with a custom-made malware that obtained passenger reservation information. The fact that the attack, which took place over a wide period of time, was noticed quite late caused the damage to grow. The company is now facing multi-million pound lawsuits.
- The information of 250 million users of the social media giant was stolen
On July 15, 2020, the world agenda was shaken by the data breach incident related to the popular social media platform. As a result of the incident, the accounts of the managers of giant technology companies such as Elon Musk, Jeff Bezos, Bill Gates, and large companies with millions of followers were hacked. As a result of the cyberattack targeting high profile accounts, the company's shares traded on the stock exchange lost value. One of the consequences of the attack made by a 17-year-old hacker and his cyber accomplices, using social engineering and phishing methods, was Bitcoin theft. Attackers stole hundreds of thousands of dollars worth of Bitcoin with their shares from the accounts they hacked.
What to Do to Prevent Data Breaches
What happened in 2020 proved that data breaches can affect everyone. So, what should companies do to protect themselves from data breaches?
Generally what needs to be done includes making sensitive data (or information) inaccessible through encryption, protecting sensitive data with data masking methods, strengthening weak account information, and increasing security layers such as two-factor authentication (2FA). It is also important to keep the software of the devices up to date, to require all devices to use a professional VPN service and antivirus software and to encourage user-friendly cyber security applications. Implementing powerful solutions for access security should be among the primary goals of all companies that want to be protected from data breaches. Using multi-factor authentication solutions, making use of tools that can even detect threats at endpoints, and developing rapid response methods are among the organizational measures to be taken against data breaches.
One of the most effective methods of ensuring cyber security and preventing data breaches within the company is to utilize Privileged Access Management (PAM) solutions, which provide control of users accessing critical data. With Kron's exclusive access management platform Single Connect, you can protect your business from cyberattacks by providing high level security in accessing critical data.