Article Summary (TL;DR)
Our five key takeaways about the world of data security and compliance in 2023 and beyond:
- Cybercrime is continuously on the rise.
- Ransomware is still a top threat.
- Cloud security is a major risk for businesses that work with multiple SaaS and partners.
- Cybersecurity threats are becoming more complex, and businesses must ensure they comply with relevant data privacy laws.
- Integrate.io is a data integration platform built around the highest security protocols
Table of Contents
- The Latest Data Breach Statistics
- Compliance for Data Security
- 2023 Data Security Threats
- Integrate.io: Data Integration with the Highest Level of Security
Large and small businesses face daily reminders that their data’s security is under attack by digital pirates, hackers, and cybercriminals. These threats require an immediate response, whether it's an unexpected hacking threat or a newly discovered database vulnerability. Understanding these threats and how to prevent them is crucial in 2023. But first, let's see why data security is an apropos conversation and look at the latest data breach statistics and compliance laws for data security.
The Latest Data Breach Statistics
IBM Security’s regular report on “The Cost of a Data Breach” shows that the cost of data breaches globally was, on average, $4.35 million in 2022. That’s a significant 2.6% increase from 2021. Although businesses are generally more aware of data security threats and how to deal with them, cybercriminals are finding ever-more complex and harder-to-track ways to impact companies. Security Magazine states that cyberattacks are increasing in both “frequency and severity.” It’s notable that in recent years, some of the larger attacks appear to have been aimed at government agencies, utilities, and other vital aspects of local, national, or even global critical infrastructure. Forbes reports that attacks on government or military institutions were up by 47% in 2022.
Below is a list of notable data breaches in recent years.
Well-known cellular provider T-Mobile suffered a data breach in 2021 that impacted the personal data of millions of users. When the cyberattack was first reported, the figure was stated at potentially 100 million users. However, T-Mobile later released a statement that 47.8 million users had been affected, but no details such as account numbers, PIN number, phone numbers, or financial information had been compromised. However, information that was potentially leaked included device identification numbers such as IMEI numbers and security identification information, including driver’s license numbers.
In 2022, T-Mobile had to pay out a total of $350 million in compensation to customers who now had zero trust in the organization. The total cost of the breach, including investigating the cause and taking preventative action, was probably much higher.
Costa Rican Government – Conti Ransomware Attack
In April and May, 2022, ransomware attacks targeting 27 different government bodies in Costa Rica caused the country to practically grind to a halt. Two primary attacks were the problem, with the second attack in May impacting the Costa Rican health service severely. President Rodrigo Chaves classified the acts as cyber terrorism, which is indicative of a global shift towards seeing cybercriminals as more than just “hackers” or “crackers”.
The ransomware attacks — a form of cyberattack whereby an organization loses access to its systems until a ransom, usually paid in cryptocurrency, is paid — were linked to Conti, a Russian gang that proudly displays the names of its victims on its website. Conti recently publicly backed the Russian invasion of Ukraine, threatening retaliation to any cyberattacks against Russia. However, they are also not immune to hacking, and their chat logs were recently accessed and leaked by a Ukrainian researcher.
Twitter Email Address Sales
As recently as January 4th, 2023, Twitter’s user data was being bought and sold on what’s known as the dark web. As many as 200 million users’ email addresses are for sale right now, with prices starting from as little as $2. Potential identity fraudsters can use a purchased email address with password generators to try and hack into other systems and steal further personal data. The security breach that caused the latest leak of data has reportedly been fixed, but once the data is held by malicious actors, there is virtually no way to recover it.
It’s important not to make the mistake of thinking that, just because you’re a small business, you’re safe from data security breaches. Smaller companies are just as vulnerable as larger ones:
- 43% of data hacks are aimed at small to medium businesses, yet only 14% of small businesses describe their data security strategy as “highly effective.”
- 57% of attacks aimed at small businesses focus on phishing or social engineering.
- 82% of security breaches involve the human element, including social attacks, misuse, and simple error.
These alarming statistics show how complacency among business leaders or data security teams can easily lead to breaches and data loss. Another consideration for businesses is the compliance regulations they must now adhere to.
Compliance for Data Security
Due to the increased number of hacking events, governments worldwide have established data security laws and processes that govern how companies safeguard their business and client information. Even if you're not concerned about hacks or breaches, it’s essential to understand your obligations under these laws:
- California Consumer Privacy Act (CCPA): The CCPA holds businesses to a high standard of consumer data security. Under the law, California consumers can demand all data a company keeps on them, in addition to a list of third parties the company shares the data with. The law also empowers consumers to sue companies for CCPA violations — not just in the event of a data breach. The California state attorney general enforces the CCPA. Organizations found to violate CCPA compliance are subject to a civil penalty of up to $2,500 per violation and up to $7,500 per willful violation or any violation that impacts children.
Federal Information Security Management Act of 2002 (FISMA): FISMA requires federal agencies to establish data protection plans to prevent hacks.
General Data Protection Regulation (GDPR): The GDPR guards European Union citizens against data hacks. If your company processes E.U. citizens’ personal information, your data policy falls under GDPR jurisdiction. The GDPR has set penalties at a maximum of €20 million, or 4% annual global turnover, whichever is higher.
Health Insurance Portability and Accountability Act (HIPAA): HIPAA safeguards patient data privacy in the United States. If your company processes healthcare data for U.S. patients, you may need to conform to HIPAA compliance standards.
- Service Organization Control (SOC2): SOC2 is a data security and reporting standard that applies to the American Institute of CPAs. It seeks to maintain customer information security, integrity, availability, and confidentiality in the accounting industry. SOC 1, 2, and 3 vary in requirements – we're focusing on SOC2 here; however, there are two types of certifications. Type 1 involves passing the SOC2 audit and proving that your policies, procedures, and technologies comply with the framework’s requirements. Type 2 involves ongoing compliance with SOC2 and rigorous audit processes.
As you can see, information security is not only vital for your business due to increased hacking threats, but also because of compliance rules that obligate you to protect the information in a specific way.
2023 Data Security Threats
As we move into the new year, it’s important to understand the most dangerous threats in cybersecurity. The most pressing risks to information security in the coming year include the following:
More Advanced Ransomware Attacks
In a ransomware attack, hackers install a virus that disables your computer while demanding that you pay a ransom fee to get your system back. These threats have existed for some time, but what we’ve seen so far is just the tip of the iceberg.
Hackers are now using new technology to infiltrate corporate data systems and hold entire businesses, hostage, until they pay a fee. To do this, hackers are using “self-propagating ransomware worm viruses.” These viruses rapidly duplicate themselves across a data network—infecting as many systems as possible while deleting backups—until the entire framework is inoperable and the business has no choice but to pay the ransom.
From the hacker’s perspective, targeting businesses makes sense. Many companies will pay a ransom to get their computers back online and avoid the tremendous costs of losing their data infrastructure. However, hackers know that large enterprises have deep pockets, so ransom payments can be massive.
A prime example of this happened in 2016 when attackers hijacked the Hollywood Presbyterian Medical Center’s computer system—rendering it largely inoperable. The virus encrypted the hospital’s database files, and the attackers demanded 40 bitcoins (a value of $17,000 at the time) for the decryption key. The hospital paid the fee instead of facing setbacks that would have been a lot more expensive.
Primary Types of Ransomware Viruses
There are five main types of ransomware viruses used to target enterprises and businesses:
Cryptoworms: Encrypt your computer data, rendering your system unusable until you pay the ransom fee in cryptocurrency. The 2017 WannaCry virus is the most famous example of a crypto worm. These viruses are self-propagating, so they spread autonomously throughout a corporate database system.
Lockers: Hijack operating systems to lock you out of computer files and applications until you submit to the ransom.
Scareware viruses: Pretend to be antivirus tools while claiming they found "viruses" on your computer. Some scareware spams you with annoying popups and alerts while demanding payment to remove the supposed virus.
Doxware viruses: Threaten to release your personal information and photographs on the internet unless you pay a fee. Many victims are so worried that their private photos and data will get released that they immediately the ransom.
- Ransomware as a Service (RaaS): Often in plain sight, despite its illegal nature, Ransomware as a Service "service providers" operate on a subscription basis just like the typical SaaS company, only RaaS providers offer ransomware as a service (RaaS) to "affiliates" who then use the service to attack a business's data system. RaaS helps non-tech-savvy criminals move forward with a ransomware hijack. Those who host RaaS platforms receive payments in cryptocurrency.
Most bad actors are financially motivated, but hackers may try to harm an organization for political or ideological reasons in today’s geopolitical climate. Regardless of why a ransomware threat exists, enterprises need to develop strategies for containing a company-wide attack like this. They should also have a data recovery plan in place to restore their data systems in the event of a destructive breach.
Here are some important risk management strategies to prevent a ransomware attack:
Use advanced security software: Install a trusted suite of security and anti-virus software and keep the software up to date.
Install updates: Keep your operating system updated by installing security patches as soon as they're available.
Delete untrusted emails: Never open an untrusted email or attachment and be cautious with trusted parties’ attachments if you don't know what it is.
Delete untrusted attachments: wary of attachments that ask you to "enable macros." Enabling macros could put you at risk.
Back up everything: Back up important files on an external hard drive that is not connected to the rest of your data system so ransomware has less power over you.
Migrate to the cloud: Use a cloud-based server system. Cloud-based servers offer high-level security features, and they take periodic snapshots of your files so you can roll back to a previous version after a hack.
Only pay the ransom as a last resort: Speak with your tech team, a cybersecurity expert, and the police before submitting to a ransom. Hackers might take your money and never liberate the system.
Supply Chain Security Breaches
Since the early 2000s, the product supply has experienced extreme globalization. By the mid-2000s:
1% of North American manufacturers had moved production to lower-cost locations
More than 40% of North American manufacturers were planning to expand their marketing base into Eastern and Central Europe, Mexico, and Central America
Accelerating globalization and outsourcing of both software and I.T. hardware became the norm in the U.S. electronics industry. A rough estimate put USA chip manufacturing at only 20% of total global output. Modern supply chain systems handle, distribute, and process goods using a complex network of suppliers and services. These supply chains glow in the dark, attracting cybercriminals from every echelon of society. Additionally, software stacks are continually advancing, and security teams struggle to keep up and secure critical internal infrastructure. Also, third-party suppliers usually have some level of access to their customer's networks, and the industry has loose access control policies; this invariably leads to attack surfaces opening up — making breaches in perimeter defenses much more likely.
Businesses have become so good at protecting themselves against database security threats that cyber criminals are being forced to explore backdoor vulnerabilities — essentially, by accessing data systems through “supply chain attacks.”
In database security, a supply chain attack seeks to find a data security weakness through supply chain partners and vendors that connect to your company’s larger data system. It doesn’t matter how advanced your data hygiene practices are. If your supply chain partners are falling asleep at the wheel, cybercriminals can exploit them.
The most famous supply chain attack happened to Target customers in 2013. Attackers infected Target’s point-of-sale (POS) data system across 1,800 stores with malware that compromised the debit and credit cards of approximately 40 million customers. Target spent $61 million responding to the breach, which resulted in a 46% earnings drop in the last quarter of 2013 and numerous customer lawsuits.
Interestingly, the attack happened even though Target (1) installed an advanced database security system six months before the incident, and (2) had a team of cybersecurity experts monitoring the system for threats. Target claims that hackers bypassed these security measures by stealing an air conditioner repair company’s security credentials that serviced Target stores.
To prevent a supply chain attack like this, incorporate the following strategies into your database security plan:
Use a cyber-threat intelligence service: Cyber-threat intelligence services will prepare you for and prevent supply chain threats before they become a problem.
Audit your supply chain regularly: Perform supply chain audits by building factory and vendor testing into your data hygiene process. This will help you monitor the security practices of partnering companies.
Follow all compliance standards: Compliance regulations exist for a reason. Adhering to them will protect your data systems, help prevent you from getting in trouble with the law and reduce your liability exposure.
Codify your risk assessment standards: Adopt and follow risk assessment standards for your data system to better identify and resolve threats.
“Cryptojacking” of Cloud-Server Databases
Another ongoing threat is cloud-based server hacking. Even though cloud-based servers like Amazon Redshift employ the most advanced security features, virus detection, and encryption available, these systems aren't beneficial if you make configuration mistakes that leave your data available to hackers. Cybercriminals could also obtain access to your cloud system by working with a malicious employee, stealing access credentials, or using phishing tactics.
Here are two examples of recent cloud-based server attacks:
2019 Capital One breach: The July 2019 Capital One hack involved an Amazon Web Services (AWS) cloud server. According to a legal complaint, a tech worker exploited a “firewall misconfiguration” to steal private data belonging to millions of Capital One employees. The misconfiguration allowed the tech worker to retrieve security credentials with access to Capital One's sensitive customer data. Amazon claims that the cloud server at the center of the breach was not at fault and blamed the breach on IT setup and management errors.
2022 FlexBooker breaches: FlexBooker is an online appointment booking digital solution. A breach in January 2022 highlighted another breach in December 2021 and indicated that there may have been a total loss of data of 172GB. Up to 19 million users’ data was exposed, and over 19 million files were compromised.
To prevent a cloud server breach, follow these security measures:
Monitor cloud-server configurations closely: Double-check all server configurations, passwords, and other security measures with a keen eye for detail. Develop a checklist to ensure your team doesn't miss anything. Also, watch out for changes to your server configuration by hackers. You can do this by launching tools that notify your team of newly created server resources and launches of new applications.
Hire the right people: Ensure that the cloud server techs you work with have the requisite skills and experience to avoid errors and shore up vulnerabilities when configuring your cloud server system.
Monitor for suspicious behavior: This involves baselining “typical” user activity, so you can detect and stop anomalous hacking behavior if it occurs.
Monitor network traffic activity: Detect suspicious activity that could belong to hackers by monitoring your cloud server's network traffic activity.
Install software patches immediately: Hackers are always searching for new vulnerabilities. Software developers respond quickly to these vulnerabilities with security patches to stop the exploitation. However, you won't benefit from this protection if you don't update your system with new patches.
We've covered some of the most relevant data security concerns for 2023 and beyond. What's important to remember is that data security and hacking concerns are constantly in flux. As soon as you shore up one vulnerability, hackers will find another. Ultimately, data security trends require constant monitoring so you can swiftly respond to new threats and compliance standards.
Integrate.io: Data Integration with the Highest Level of Security
Integrate.io is a powerful, easy-to-use data integration platform offering ETL and reverse ETL solutions plus ELT and CDC (change data capture) automation services. Businesses can take advantage of our no-code, jargon-free environment to quickly prepare data for analysis by business intelligence (BI) tools. We offer the highest level of security and compliance for all of our ETL data integrations, such as:
- SSL/TLS encryption on all our websites and micro-services
- Encryption of sensitive data anytime it's “at rest” in the Integrate.io platform using industry-standard encryption
- Constant verification of our security certificates and encryption algorithms
- Physical infrastructure hosted by accredited Amazon Web Service (AWS) technology
- Advanced preparations to meet the EU General Data Protection Regulation (GDPR) standards
- Operating system access is limited to Integrate.io staff and requires a username and key authentication
- Firewalls that restrict access to systems from external networks and between systems internally
Keeping your data secure is important. Achieve complete data observability with our no-code data pipeline platform. Try it for yourself and sign up for your 14-day trial. After you've signed up, schedule your ETL Trial meeting so we can go over what to expect, and help you get the most from your trial.