Data breaches today blow a million-dollar hole in India Inc’s pocket and companies are now more aware than ever of the issues that breaches can cause.
Minimize the risk of a data breach and protect your business reputation with a solution like SkyFlok.
At SkyFlok we allow users to use multiple cloud storage providers together to efficiently and securely store their files. We distribute the data across multiple locations and providers, which means that an attacker needs to compromise multiple Cloud providers before having any chance to look at the files. Your clients’ data is safe and you keep full control over it.
Subscribe to SkyFlok and protect your sensitive or confidential client data from unauthorized disclosure.
Financial sector firms lose the most, followed by the services and industrial sectors. Companies are now more aware than ever of the issues data breaches can cause. India saw the second highest number of data breaches in 2018.
Take a few burning examples in recent times. A leading e-commerce portal in India admitted that owing to a technical glitch, tax reports of some of its sellers were exposed to others. The company said this affected about 400,000 sellers on its platform. Sellers who were affected said they were able to download tax reports of other vendors.
One of the largest banks in India secured an unprotected server that allowed unrestricted access to financial information of millions of its customers. In this case, the bank had not protected the server with a password, allowing anyone who knew where to look to access data on millions of customers.
Stating just a couple of data breach examples would be significantly underplaying the level of threat that enterprise and personal data are exposed to at present. Take the recent case of Gnosticplayers, who has put up more than 863 million user records for sale on the Dark Web since February 2019 over multiple rounds.
More than 40 companies across the globe have been affected by this single hacker, including businesses across sectors as diverse as game development, book retail, and e-commerce. The names and databases of several affected companies have not been disclosed, as they caved in to the extortion demands of the hacker.
Such examples show how challenging it is to ensure data security in an increasingly digital-first world. This is a reflection of how innovative threat actors have become over the years. They exploit weaknesses in platform code and often leverage multiple vulnerabilities in tandem to come up with unique attack vectors that internal teams would never even have thought to check for during security testing.
“To me, this underlines an urgent need for organisations to start approaching their processes, products/services, and technological integrations with a security-first outlook,” says Sanjay Katkar, Joint Managing Director and Chief Technology Officer, Quick Heal Technologies. Doing so will allow companies to build robust business infrastructures which are more capable of withstanding new-age threats and cyber-attacks, and to ensure that the critical data they handle does not fall into the hands of cybercriminals.
Let’s look at some more examples. One of the recent incidents that shook the banking industry globally was the British Bank Scam. Scammers stole 1.2 billion Pounds from British bank customers over the last year, but the data was released only recently by UK Finance. The fraud against customers rocketed to 1.2 billion Pounds, with a 25% spike in comparison to the previous year.
“The two key tools used to steal money were: unauthorized use of payment cards and authorized push payment (APP). APP breaches occur when fraudsters hack into email accounts to trick consumers into sending money to criminal accounts,” says Ramesh Mamgain, Area Vice President of Sales – India & SAARC at Commvault.
However, it’s great that the bank even reported this. Earlier, banks globally wouldn’t report such incidents, due to fear of losing market cap. Indian banks too need to report such incidents publicly, so that there is enough awareness and a robust mechanism is established to fight data breaches. Domestic banking corporations here can learn from incidents like these in foreign banks as technology continues to break physical barriers, and cybercrime has no borders.
We are not yet over with this. Data breach examples abound over the last year:
The world’s largest container shipping company, Maersk, was attacked by ransomware. Maersk’s ships are completely digitally run. The directions, volume and weights on the ship are managed by technology. As the ransomware hit their systems, the operations across the world stopped working. Billions worth of goods were stuck in oceans as the ships stopped working. With timely intervention and help from a major data security solution provider, Maersk was able to recover its entire backed up data in seven days.
In January 2019, cybercriminals hit the cloud storage service provider MEGA. More than 772 million email addresses and 22 million unique passwords were compromised in this breach.
In November 2018, the guest reservation database of Marriott’s Starwood division was hit with a large-scale data breach that is estimated to have compromised the records of around 500 million customers. The compromised data included critical information such as guest payment information, mailing addresses, passport numbers etc. Experts estimate that the attacker(s) had unrestricted access to multiple IT systems across the organisation for a significant duration of time.
One of the most popular AMA platforms in the world, Quora was hit with a security breach in November 2018 that ended up compromising the personal information of around 100 million users. Cybercriminals got away with extremely sensitive user information such as user names/IDs, email/IP addresses, encrypted passwords, user account settings, personalization data, public actions, etc.
2018 was not a good year for Facebook in terms of data security. The social network was hit with several massive data breaches throughout the course of the year, with the worst incident leading to more than 50 million users being compromised. It is estimated that several hundred million Facebook users across the globe have been affected by these security breaches.
Cybercriminals stole the details of more than 380,000 booking transactions in a web skimming attack on British Airways between August 21 and September 5, 2018. The breach, which is one of the biggest cybersecurity incidents faced by the global aviation industry, saw extremely sensitive personal information such as credit/debit card numbers, expiration dates, and CVV codes being compromised.
High profile incidents and hacks of notable entities have brought digital security to the forefront of people’s minds. Vinod Jaisingh – Head of Global Analytics, RBS India highlights some of the major digital security gaps faced by the BFSI sector:
- Automation: Offenders can use automation to scale up their activities – many millions of unsolicited bulk spam messages can be sent out by automation. Hacking attacks are often also now automated with as many as 80 million hacking attacks every day due to the use of software tools that can attack thousands of computer systems within hours.
- Anonymous communications: Determining the origin of communication is very often a key component of cybercrime investigation. However, the distributed nature of the network, as well as the availability of certain Internet services, which create uncertainty of origin, make it difficult to identify offenders.
A recent report by a think tank found that 97% of sites are hit with some sort of bad bots. Bots can be programmed to perform a wide range of activities, but here are the most common for e-commerce sites:
- Price Scraping: If the website has unique pricing and product information, the chances are extremely high that the site will be hit by scraping bots. These bots collect pricing and product data and send it back to the bot-maker, who could be a competitor, so that they can lower their prices and take sales.
- Login Fraud: Bots can attempt to log in using real users’ credentials by guessing the password by rapidly going through a dictionary of words and number combinations, or by testing known credentials that have been leaked elsewhere.
- Holding Items: Because bots can act more quickly than human browsers, they are able to refresh pages many times over to check for sales or limited-release products. Bots can add items to a cart, limiting inventory for actual users who visit the site looking for a specific product.
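The two login-fraud patterns in the list above (dictionary guessing against an account versus testing leaked credentials across many accounts) leave different traces in authentication logs. The following detection sketch is an added example, not part of the original article; the log format, the one-minute window, the threshold and the 0.8 ratio are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)   # assumed sliding window
THRESHOLD = 5                   # assumed failed logins per window before flagging

def parse(line):
    """Parse 'ISO-timestamp source-ip username OK|FAIL' (constructed log format)."""
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome

def classify(lines):
    """Return {source_ip: label} for sources with a burst of failed logins."""
    failures = defaultdict(list)                    # ip -> [(timestamp, username)]
    for ts, ip, user, outcome in map(parse, lines):
        if outcome == "FAIL":
            failures[ip].append((ts, user))
    findings = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most WINDOW of time.
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            burst = events[start:end + 1]
            if len(burst) >= THRESHOLD:
                users = {u for _, u in burst}
                # Nearly one account per failure: leaked credential pairs being tested.
                # Many failures on few accounts: dictionary guessing.
                findings[ip] = ("credential_stuffing"
                                if len(users) >= 0.8 * len(burst)
                                else "dictionary_guessing")
                break
    return findings

# Constructed sample log (documentation IP ranges, made-up usernames).
SAMPLE = (
    [f"2019-06-01T10:00:{s:02d} 203.0.113.7 alice FAIL" for s in range(0, 12, 2)]
    + [f"2019-06-01T10:05:{s:02d} 198.51.100.9 user{s} FAIL" for s in range(0, 12, 2)]
    + ["2019-06-01T10:06:00 192.0.2.4 bob FAIL",
       "2019-06-01T10:06:20 192.0.2.4 bob OK"]
)

if __name__ == "__main__":
    for ip, label in classify(SAMPLE).items():
        print(ip, label)
```

The two labels call for different responses: per-account lockout or back-off slows dictionary guessing, while credential stuffing is better met with per-source rate limits, breached-password checks and multi-factor authentication.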