The Year Of The Breach
By Chris Hidalgo
The number of data breaches rose tremendously last year from the year before. According to a report by digital security firm Gemalto, nearly one billion data records were compromised in 1,500 attacks in 2014 – a 78 percent increase in the number of data records either lost or stolen in 2013. This year has already produced several breaches, the most recent amounting to tens of millions of consumers’ personal records being exposed at one of the largest health insurers in the country.
While many people may already be numb to the news of yet another data breach, the most recent breaches should heighten concern during what might be the biggest year of breaches yet.
There are 3 areas that data breaches and cyber-attacks fall. Each one of these impacts you and each one has seen dramatic increases.
- Personal – Identity Theft
- Individual Small Business – Data Breach & Cyber
- Lost laptop, business device. hard copy folders, others
- Large Corporate Data Breach – Cyber attacks
- Corporate attacks – employees
- Corporate Attacks – large data
Identity theft was by far the largest type of attack in 2014. 54 percent of those attacks involved personal data being stolen, a 23 percent increase from 2013. This personal information includes email addresses, names, passwords, banking details, health information and Social Security numbers.
On the corporate side, banks and retailers have been the primary target in the past decade for cybercriminals to steal financial data including online banking credentials and payment card numbers. But as these institutions have increased their security measures, hackers have moved towards the healthcare industry at the same time the amount of digital healthcare data is growing at a rapid pace.
These criminals are using stolen healthcare data to commit identity theft and fraudulently obtain medical services and prescriptions. They are also using the data to create more convincing profiles of users, thus making it harder to differentiate between a real consumer and their false counterpart.
Many companies and organizations are still not encrypting data. The most recent example of this is when Anthem Inc, the second-largest U.S. health insurer, stored the records of nearly 80 million customers and employees without encrypting them. Some records included employment information, but no financial information was compromised, according to Anthem.
Another way people are having their information stolen is by “phishing” emails set up by malware-spreading spam authors that appear to be from a legitimate source. The emails can look like they came from the person’s bank, credit card issuer or friends. They have links that, once clicked, spread viruses, worms and keystroke loggers onto the victim’s computer.
And lastly the one that means the most to our members: individuals, small and midsize businesses have started to see an increase in threats as well as the continued impact of simple issues like lost laptops and the data that is on the hard drives. According to a 2013 survey by the Ponemon Institute, more than 40 percent of small and midsize businesses do not have an adequate IT budget. It becomes a low-risk, high-reward proposition for attackers.
NAPA is here to assist our members. The following point may be the most important.
You need to build an individual and business plan that secures your data and confirms your compliance.
3 steps every agent should consider:
- Carry individual identity theft coverage to protect from Fraud
- Coming Soon: Look for a new compliance assist product from NAPA in Spring 2015
- Secure Cyber Liability Insurance Coverage
- NAPA’s Data Breach & Cyber Liability Insurance protects you from a financial disaster in the event of a cyber attack
- Learn More
- Holland & Knight
- Wall Street Journal