The Verizon Enterprise Team shared the 2018 Data Breach Investigations Report to help organizations get a handle on security breaches to better protect their own systems from a potential incident. The report is an analysis of over 53,000 incidents that occurred recently, including 2,216 confirmed data breaches. We read the report and wanted to share some of our key learnings to help businesses protect their point of sale, networks, and more.
What you are up against
The report begins by cautioning that a security breach can happen to any size business, especially the unprepared, not just companies that are wealthy. “Ignore the stereotype of sophisticated cybercriminals just targeting billion-dollar businesses,” noted the report.
Knowing where these hackers are coming from can help inform businesses. The report states that 73% of attacks were carried out by outsiders. Half of all the breaches in the report were contrived by members of organized criminal groups, and 12% were perpetrated by nation-state or state-affiliated actors. Even more chilling, 28% involved insiders, those that have legitimate access to your system, like an employee or contractor.
Beyond insiders, 17% of breaches involved errors, like not shredding confidential information, emailing the wrong person confidential information or not configuring web servers correctly.
Phishing campaigns are largely unsuccessful because 78% don’t click on anything which is good news, but on average about 4% of people will click. And even 4% can add up to be a serious issue. It only takes one person to open one corrupt email for a business to be harmed.
Malicious software
In 2013, the report notes that ransomware first showed up as another issue for businesses to be cautioned over. In the 2018 report, ransomware is the most prevalent variety of malware, found in 39% of cases where malware was identified. Ransomware is easy to deploy and can be very effective for criminals because they don’t have to steal your data, they just must stop you from using it. More commonly, criminals don’t have to aim for just a single user device, they can go for the file server or database which, if not backed up, can take the entire business offline.
Biggest risks
Every industry is susceptible to its own set of risks and threats, says the Verizon report. For example, the accommodation industry (as it’s named on the report) needs to be focused on preventing POS system attacks as 90% of all breaches involve POS intrusions. What is a POS? A POS is hardware and software used to manage the transactions for business. Finding the best POS system for your business means understanding your business needs, the functions, features and tools your business needs to procure throughout the checkout process. It’s also important to remember to check your POS software often for updates to keep it functioning.
The Verizon report finds the financial industry is still having major problems with payment card skimmers. A card skimmer is a malicious card reader attached to the real payment terminal so it can pull data from every person that swipes their card. A skimming device that gets inserted into an ATM only takes a criminal a few seconds to install and can be a jackpot for organized criminal groups.
What can you do
Verizon’s report also notes that 68% of breaches took months or longer to discover. In some cases, it took law enforcement or customers to make the business aware of the breach. The report notes that “it comes down to two things: defense and response.” And it goes on to say, “you should build defenses that are strong enough to send cybercriminals in the direction of an easier target.”
“But no defense is 100% effective,” noted the report. “Should an attacker get through, you need to be prepared to respond quickly and effectively.”
In addition to all the great advice Verizon’s report offers, here’s some additional tips from CardConnect on how to keep yourself as safe as possible from a breach.
1. Don’t keep data
Business can accumulate a lot of data, and year after year, it can not only clog up systems and may not be necessary to keep collecting. Businesses can also lose track of information and put themselves at risk of letting criminal hackers into the database.
2. Meet your PCI standards
Observing the PCI Data Security Standards (PCI DSS) put in place by the PCI Security Standards Council is necessary for merchants accepting credit card payments. Not only could they be met with fines, but also risk a breach if PCI compliance isn’t met.
3. Segment your network
Isolate your network’s data and add firewalls. Then, only grant access to employees who absolutely need the access. The less people that have access the better.
4. Archive important things
Create another server for archiving information you still need but that doesn’t need to remain online. This server may only need one or two people to have access. You’ll be protecting your systems and streamlining your network at the same time.
5. Protect data with tokens
Tokenization replaces the real data of the credit card with a token that even if stolen, would prove to be useless for hackers. If a POS system never held the original data in the first place, then customer information is kept safe.
6. Stay on top of updates
Vulnerabilities that are known can be patched simply by ensuring your updates are always occurring.
7. Put someone in charge
While every employee can be on the lookout if something doesn’t seem right, having one person in charge of this all the time can prove crucial for businesses. This person can make sure the plan for protecting your data is always up-to-date.
If you’re interested in learning more about the steps you can take and the security solutions you can implement to protect your business (no matter the size), fill out the form below and we’ll put you directly in touch with someone on our Support team.