The number of data breach incidents reached a new high in 2017 at 1,579, which represents a 44.7 percent increase over 2016 events, according to the 2017 Data Breach Year-End Review released by the Identity Theft Resource Center® and CyberScout®. The rapid rise in data breach incidents is alarming and represents a rise in theft attempts along with new, sophisticated methods of attacks and a need for more effective security measures.
The target of these breaches is often “Personally Identifiable Information” (PII), which includes PIN numbers to access bank accounts, information like social security numbers and birth dates that can be used to acquire loans, and existing credit card numbers to make fraudulent purchases.
This article reviews the methods that cyberthieves commonly use to access data from personal and corporate sources, as well as how to prevent attacks.
According to the Pew Research Center, approximately 64 percent of U.S. adults have experienced a theft of their personal data. Today, personal data is the equivalent of currency, and with so many of the world’s population conducting business, managing finances and socializing online, our personal and financial data is also online.
Cyberthieves use various methods to acquire this information with some hackers breaking into the data banks of organizations that have a lot of client PII – such as Target and Facebook – to going directly to the individual.
As evidenced by the Facebook data hack, reported in September 2018, data theft can happen to organizations that are technologically sophisticated. In this case, the hackers discovered a vulnerability in the software that allowed them to access 50-million Facebook users’ PII. Since discovering the breach, Facebook has corrected the vulnerability.
The Target breach that occurred in November 2013 and cost about $300 million was likely caused by a contractor who succumbed to an email scam, commonly called “Phishing.” These emails look like they come from a legitimate source, but in this case, the email contained malware that was downloaded onto a work computer and was passed onto the data system used by Target, accessing 40-million customer credit card and debit card numbers.
Another way that hackers get PII is sending emails directly to individuals that may look like they are from the U.S. Internal Revenue Service or Microsoft Corporation. Often, they are asking for key data, such as a request to verify a PIN number or a request to send an electronic payment which goes to scammers.
Related Article: The Growing Importance of Cybersecurity to Business
Personal security measures
As individuals, it’s important to keep our data secure with proven security measures. If you’re unsure of whether a request for information is legitimate or not, call the friend, government entity or business to make sure. In the meantime, here are everyday measures that can keep your information safe:
- Download the latest anti-virus software on computers
- Give out PII sparingly, to companies that you trust
- Limit who can see your social media accounts
- Don’t respond to duplicate “friend” requests on Facebook
- Don’t download items that are emailed to you unless they are from a verified, safe source
- Update your security measures on all of your online accounts regularly
If you’re concerned that your PII has been stolen, you can also review your credit reports on Experian, Equifax and TransUnion regularly to catch fraudulent activity.
Corporate data security
The cost to organizations who experience a data breach is incredibly high, judging from the Target incident, which doesn’t account the damage to their professional reputation and the cost to repair it.
To remain competitive, companies must have the trust of their clients, which means they must rely on professionals who can utilize the latest technology to keep organizations and their clients safe against hackers. Many large companies have a data security individual or department as part of the organization, but many also utilize the services of a trusted contractor.
Data security is now part of the cost of doing business in the 21st century, which creates greater opportunity for individuals who wish to be on the front-line of an emerging professional field.
The growth in data security analysis jobs between 2016 and 2026 is 28 percent, which the Bureau of Labor Statistics (BLS) says is faster than average. Although a bachelor’s degree in a cybersecurity degree is required, the BLS notes that some employers prefer job applicants with a master’s degree in the discipline.
A cybersecurity professional must have an education that explores the latest tools and best practices to help manage and protect sensitive customer and corporate data, as well as strengthening firewalls and information infrastructures to resist attacks. These resources may include monitoring systems, intrusion detection and forensic tools to identify breaches and threats.
An advanced program should have students investigate today’s trends in security management, as well as emerging threats.
If you want to create a career in this dynamic, emerging field – or, want to advance into a higher position, Northcentral University’s Master of Science in Cybersecurity provides coursework that leads the industry and professors who work one-on-one to help you apply what you learn to real-world situations. If you have questions about how you can make a difference in data security, speak to an enrollment advisor today.