Data manipulation and responsibility
It can be hard to definitively assess which industry is most affected by data breaches. Some research, such as the 2017 Trustwave Global Security Report, points to retailers being the most compromised. Others, like Citrix ShareFile using data from Ponemon, conclude that it’s the healthcare industry, which we’ve written about here on prior occasions.
Whoever is truly first doesn’t make a huge difference, however. Coming in second or third doesn’t make the risk any less real. Not when attackers use techniques both old and evolving to create havoc, oftentimes targeting organizations that remain stagnant in preparatory efforts. Some, minimizing the impact of data security, still view the problem as squarely an IT one. “Ultimately, it should be a part of the company culture and, as such, echoed in all procedures and policies,” says Paige Schaffer, president and COO of Generali Global Assistance’s Identity and Digital Protection Services Global Unit. Education and employee training are still lacking to the point where methods like spear phishing, in which employees are fooled into giving hackers access to their systems, account for 90% of cyberattacks.
Other forms of attack pose an even greater challenge for industries that can be famous for dragging their feet to meet them. Data manipulation, for example, is an emerging threat aimed at falsifying legitimate data rather than actually stealing it. What makes it particularly insidious is its ability to circumvent the traditional tools that detect stolen data, since it simply alters the data where it lies, rather than removing it. You might not even notice it. Stock market data or Air Force software could be compromised, and you would be none the wiser until it was too late.
Experts have been warning about this new type of attack since 2015, which makes it imperative to use new methods of stopping it. As PJ Kirner at Dark Reading recommends, tools to monitor data integrity can send alerts when unauthorized changes occur.
Through all of this, it is also important to remember the customers who are actually affected by a breach. Schaffer insists on companies providing real assistance to victims, like identity theft resolution services, to resolve any fraud issues as smoothly as possible.
No matter the entity, every sector is vulnerable to this sort of occurrence. Responsibility for ensuring data is secure and monitored, and that customers are looked after, falls on the companies and agencies that handle the data. It doesn’t take much research to know that.