Preventing a breach and countries targeted by hackers
As we’ve seen recently, the penalties for data breaches are rising across the board. Just last week British Airways received the new record in GDPR fines, and now Marriott faces a $700 million sum in the US. These figures are only going to grow.
According to HIPAA Journal, March of 2019 saw an average of one data breach per day in the healthcare industry, whether through phishing schemes, improper user access, or any other type of attack. Indeed there are seemingly countless vulnerabilities in the cybersecurity landscape these days; though there are also plenty of recommended steps. Up to date firmware and operating systems, ensuring third-party associates are compliant, constant monitoring to ensure your networks are free of malicious code, managing access across the enterprise: these are just a few forms of data protection any organization should leverage.
Outdated systems, for example, might have been the weak spot targeted by the twenty year old cybersecurity worker who has now been arrested for hacking, well, Bulgaria. Though the cause is not completely clear yet, or even the identity of the true culprit, what is known is that over 5 million citizens of that country had their personal records stolen from the tax revenue office. Keep in mind that Bulgaria is a nation of around 7 million, so virtually every adult there was a victim of this breach.
“These kinds of incidents should not happen in a state institution. It seems like it didn’t require huge efforts, and it’s probably the personal data of almost all Bulgarian citizens,” says Desislava Krusteva, a prominent Bulgarian data protection lawyer. It is no doubt a massive scandal for the government, which apparently made minimal attempts at addressing their well-known cybersecurity problems. In fact, even after experiencing another hack within the last year–of the country’s Commercial Registry—the Bulgarian government strangely chose to stay in a holding pattern. Not the best position for any organization to choose, let alone a country—particularly post-GDPR, and particularly a country with a population such that it’s a fairly simple matter to hack virtually the whole of it.
Avoid becoming the next national example. Take data security seriously. Make sure privacy is your default setting. Be truly transparent about your policies with those whose data you store, and ensure only necessary data is stored and processed. There really are so many measures you can take, there’s no excuse not to try.