Published on January 30, 2020
1. Hemali Rangoliya
2. 01 | What is Data Breach & Data Loss ? 02 | Common Causes of Data Loss 03 | Effects of Data Loss on Businesses 04 | Prevention & Privacy Legislation Worldwide 04 | Mind-Boggling Statistics & Facts Overview
3. What is data loss? Data loss is any process or event that results in data being corrupted, deleted and/or made unreadable by a user and/or software or application. Data loss may involve: ● Payment card information (PCI) ● Personal health information (PHI) ● Personally identifiable information (PII) ● Trade secrets, or intellectual property
4. What is data breach? A data breach comes as a result of a cyberattack that allows cybercriminals to gain unauthorized access to a computer system or network and steal the private, sensitive, or confidential personal and financial data of the customers or users contained within. Phases of a Data Breach: ● Research ● Attack ● Exfiltrate
5. Common causes of data loss Data breach is the most common cause that leads to data loss. There are also several other factors through which we can lose public as well as private data. ➔ Hacking ➔ Human Error ➔ Virus & Malware ➔ Social Engineering ➔ Power Failures ➔ Physical Theft ➔ Environment/Disasters ➔ Misuse ➔ Ransomware ➔ Liquid Damage ➔ Phishing attack ➔ Use of Vulnerable Third-Party Applications ➔ Formjacking attacks & Cryptojacking ➔ Clickjacking
6. Statistics by data loss causes Several factors have been found to be responsible for data breaches. They include: $157 Per User $131 Per User $128 Per User There were more than 1.76 billion records leaked in January 2020 alone. ● 34% of data breaches involved internal actors. (Verizon) ● Phishing emails are responsible for about 91% of cyber attacks. ● Mobile malware increased by a massive 54% in one year. ● A staggering 92% of malware is delivered via email. ● Cryptojacking is one of the more serious cyber threats to watch out for in 2020.
7. Deep Dive into 4 Common Causes Deep dive into common causes of data loss
8. Ransomware Ransomware is the name for malicious software which gains access and locks down access to vital data (i.e., files, systems). The WannaCry ransomware attack made many people cry in 2017. ● The average cost of a ransomware attack on businesses is $133,000. (SafeAtLast) ● WannaCry ransomware attack cost the National Health Service (NHS) over $100 million. (Datto) ● 39% of the global data breaches caused by ransomware “5,4 billion WannaCry attacks were blocked in 2017”
9. Imperva in their 2019 Cyberthreat Defense Report.
10. Phishing Phishing occurs when someone or something mimics a trusted, reputable entity in order to collect sensitive data (often banking or highly personal details). These attacks are not exclusive to the Internet. Common methods for phishing scams can include: ● A pop-up on your browser ● An email with a link ● A person on the phone claiming to be a representative of a reputable company Tuesday has been observed as the most popular day for phishers to conduct their campaigns while the least popular day was Friday.
11. Denial-of-Service (DoS) A DoS breach essentially takes away access to websites and webpages. When this happens at large scale, it’s known as a distributed denial-of-service (DDoS). ● The cost of a DDoS attack averages between $20,000-$40,000 per hour. ● The average size of DDoS attacks was at the mind-blowing 26.37 GBps in Q2 2018. ● The longest attack in 2018 lasted 329 hours, nearly 2 weeks. ● The majority of DDoS attacks are launched from (over 4.5 million in 2018)
12. Source: Neustar
13. Effects of data loss on businesses There was significant variation in total data breach costs by organization size. ● 94% of companies that experience severe data loss do not recover ● 51% of these companies close within two years of the data loss ● 43% of breach victims were small businesses. (Verizon) ● 15% of breaches involved Healthcare organizations ● 10% in the Financial industry ● 16% in the Public Sector. The cost of data breach in the healthcare industry was the highest at $6.5 million. (IBM)
14. Telstra Security Report 2018
15. Data Loss Prevention & Privacy Legislation Worldwide
16. What is data loss prevention? Data loss prevention (DLP) technology aims to identify, monitor and protect your data, both in storage and in motion through the network, from misuse/theft/ransomware/leakage. How to protect your data? ● Backup ● Use of anti-virus software ● Complying with network policies such as the principle of least privilege (POLP) ● Adhering to data protection certifications such as PCI DSS, HIPAA, Cloud Security Alliance, FedRAMP, HITRUST, ISO 27001/2/17/18, SOC 2/3, Privacy Shield Framework, US-EU Safe Harbor Privacy Framework
17. Privacy Legislation Worldwide ● US, including the California Consumer Privacy Act (CCPA) ● Brazil’s Lei Geral de Proteção de Dados (LGPD) ● Thailand’s Personal Data Protection Act (PDPA) ● European Union’s General Data Protection Regulation (GDPR) ● Switzerland's Federal Act ● India’s The Information Technology Act ● South Africa's Electronic Communications and Transactions Act ● New Zealand's Privacy Act of 1993 “As 2018 was the year of the GDPR, 2020 will be the year of the CCPA. Its enforcement is likely to set an example for other US states and may serve as a secondary blueprint for international data protection legislation looking for an alternative to the strict model of the GDPR.”
18. Privacy Legislation Worldwide ● 58%: countries with legislation ● 10%: countries with draft legislation ● 21%: countries with no legislation ● 12%: countries with no data. Source: United Nations Conference on Trade and Development, 14/01/2010
19. Mind-Boggling Statistics & Facts
20. Conclusion “80% of the problems can be solved by getting the cyber hygiene correct, rather than chasing the latest advanced technology.”