Data Breach Risk For Businesses

By Chris Hidalgo

Companies of all sizes rely on critical business data in order to be successful. Based on a Trend Micro-sponsored Ponemon Institute study, more than 78 percent of organizations have suffered at least one data breach over the past two years with another 13 percent being unsure of an attack.

Even though data security is vital, many small businesses do not make it a priority. A 2013 survey by security software firm AVG revealed that a large amount of data loss occurs simply due to human error and carelessness. 53 percent of U.S. small businesses have reportedly spent more time changing passwords than backing up data. And about a quarter of them leave longer than a week between back-ups.

However, what is more alarming than the growing number of attacks is their sophistication. “Technology that we previously saw being used against governments or defense contractors is now being used against more regular companies,” says Scott McVicar, managing director of cyber security at BAE Systems Applied Intelligence. “It’s a global issue and the prizes are high.”

Verizon’s 2014 Data Breach Investigations report identified nine basic patterns that cover 92 percent of the 100,000 security incidents they have looked at over the past 10 years. These are: point of sale intrusions; web application attacks; insider misuse; physical theft/loss; miscellaneous errors; crimeware; card skimmers; denial of service attacks; cyber-espionage; and everything else.

Another risk to small businesses is Microsoft recently ending support for Windows XP. Microsoft says it will no longer provide security updates, issue fixes to non-security related problems or offer online technical content updates. An estimated 30 percent of computers being used by businesses and consumers are still running on XP, which launched back in 2001. Businesses most likely to still be using XP include banks and financial services companies, along with health care providers. For more information on XP, click here.

Even for those with the most up-to-date computers, the frequency of all types of attacks has increased tremendously in recent months. According to Symantec, the cyber security firm, the number of data breaches rose 63 percent in 2013, leading to more than 552 million identities being exposed worldwide. And the average cost of a data breach is close to $200.

Encrypting data on mobile devices has become a must in preventing data breaches. According to the Department of Health and Human Services’ Office for Civil Rights “wall of shame” website, a tally of 966 major breaches have affected a total of about 31.1 million individuals since 2009. Theft or loss of laptops or other portable electronic devices remains a predominant factor in HIPAA breaches, with two recent compliance settlements resulting in approximately $2 million in fines. Even very small breaches can result in sanctions if an investigation turns up serious issues.