
Data Breach: Consequences & Repercussions May 2, 2016

Posted by shanederby in 2016 Trends.

Failing to manage data storage needs and, more importantly, failing to understand the data being stored can result in significant costs, both to the bottom line and in the time it takes to reconcile a data breach.

The following two questions may prove helpful in defining and cataloging what we know about these costs and the scope of potential impact.

  1. What are the costs related to storing and managing large amounts of data (“Big Data”)?

Systems, Applications & Products (SAP) [1] is a German multinational software corporation that makes enterprise software to manage business operations and customer relations.  SAP estimates that 2.5 quintillion bytes of new data are stored every day.  That’s right, quintillion: the numeral one followed by eighteen zeros (1,000,000,000,000,000,000) [2].  Mobile traffic will grow by more than 60 percent [3] over the next 3 years, adding to this already monumental data storage requirement.

So how much does it cost to store and maintain all this data? The answer is: a lot! Google spent $2.4 billion [4] on production equipment, data center construction, and facilities in one quarter.  That’s right, in 3 months Google spent $2.4 billion for progress in data center construction.

Backing up the backups of backups plays a large role in data storage and management costs. With more and more virtualization of data storage, meaning the data is stored outside the desktop, laptop, or server, the need for data center storage becomes paramount.  Moreover, the data housed in a data center, and even onsite within a particular business, may be backed up dozens of times for compliance's sake.  However, the amount of data backed up in this manner is usually three to four times what compliance requires.  This translates directly into additional costs for storing and managing data that may not need to be managed.

At a granular level, it is fairly easy to track and calculate the capital costs of storing and managing data. In the past, some workstations were standalone, or even completed with simple journals or logs.  Today, however, the calculation becomes more complex, because each employee in the organization now has a direct link to this category of overhead.

  2. What are the costs related to reconciling a data breach?

Two primary classes of data breaches normally appear in the headline news: (1) Identity Theft and (2) Healthcare Records. The evidence for growth in data breaches is alarming.

The former is primarily concerned with the data contained inside individual transactions, where the identity thief has gained access to a retailer's secure server and is able to download a personal copy of transactional data containing as many completed fields as possible. Ideally, the thief will have obtained a credit card or debit card number, the correct expiration date, PIN, zip code, name, address, and more, although not all of this information is needed to create a fake card or to attempt a transaction online.  The thief in this case normally sells the information as a total data block for other thieves to begin “phishing” campaigns in an attempt to secure any missing information, commandeer someone’s personal identity, and begin opening accounts in their name or executing transactions.  Over 250 million records in this category have been compromised since 2005 [5].

The latter is of even greater concern. Over 29 million healthcare records were breached [6] between 2010 and 2013 alone, and Experian expects these breaches to increase to a potential cost of $5.6 billion annually [7].  Second and third order effects can result from a healthcare record breach.  Many healthcare records contain social security numbers and information for next of kin and beneficiaries.  Thieves are intrigued by the net gain of potentially accessing more than one person’s identity inside of one record.

Cyber insurance may become much more attractive to healthcare companies, where only 24% [8] of this industry has procured this type of protection.  When combined with the fact that the average malware compromise was present for 205 days before detection [9], the right mix of insurance and detection and response investment may prove successful in avoiding the significant costs of a data breach, which include, but are not limited to: (1) data theft/loss, (2) business interruption/loss of profit, (3) fines, (4) legal fees.

Therefore, what can be done by businesses and individuals to mitigate or avoid these costs? The answer: a lot!

The top three suggested solutions that provide immediate protection from Identity Theft:

  • Place a credit freeze with each credit reporting agency: (1) Experian, (2) Equifax, (3) TransUnion. The cost is $10 to freeze, and $10 to unfreeze or “thaw” your report for a period of time, but this nominal cost is far outweighed by the potential cost of a thief opening and charging an account in your name.
  • Be cautious about keeping a file on your computer that contains all the passwords to all of your accounts. At a minimum, encrypt it; ideally, keep a handwritten journal under lock and key or in a fireproof box at home.
  • Request your free credit report from each reporting agency. Request one report every 4 months from a different agency. Reconcile all the accounts against what you believe and understand you have; if anything does not match, contact the agency or agencies immediately to resolve the issue.

Suggested Solutions for reducing data storage and management costs and avoiding a healthcare record compromise:

  • Businesses should schedule an annual or semi-annual data destruction party.
  • Businesses should investigate the cost reasonableness of procuring cyber insurance.
  • Businesses should not require a social security number at any time, for any purpose.
  • Businesses should find new and innovative ways to manage beneficiary and next of kin data.

Summary & Conclusion:

The concern over a data breach, or unauthorized access to and download of personally identifiable information from an individual end user or business, is growing each day. While this report only attempts to catalog some evidence regarding the growth of data storage and the allure of gaining access to it for exploitation, a wealth of knowledge is already available across multiple media channels and internet resources.  Forbes magazine and creditcards.com are just a few valuable tools for reviewing additional personal actions that can be taken to protect personal and business data.  The simple and immediate actions are at your fingertips: (1) remove birthdates, addresses, and locations from social media accounts, and disable GPS on your mobile devices; (2) place a security freeze with all credit reporting agencies; and (3) PROTECT your passwords and change them often.

Keep your head up, stay alert and vigilant while (mobile) computing.

References:

  1. https://en.wikipedia.org/wiki/SAP_SE
  2. https://www.google.com/?gws_rd=ssl#q=quintillion
  3. http://www.datacenterknowledge.com/archives/2014/11/13/management-multi-vendor-storage-environment/
  4. http://www.datacenterknowledge.com/archives/2015/10/23/billions-data-center-spending-behind-cloud-revenue-growth/
  5. http://www.creditcards.com/credit-card-news//10-steps-avoid-identity-theft-1282.php
  6. http://www.idtheftcenter.org/Data-Breaches/the-rising-costs-of-healthcare-data-breaches.html
  7. https://www.experian.com/assets/data-breach/white-papers/2015-industry-forecast-experian.pdf
  8. http://www.gartner.com/document/3004817?ref=solrAll&refval=166989186&qid=7efc6e2b539a8a44918d1367abf7fab9
  9. http://www.gartner.com/document/3183622?ref=solrAll&refval=166988923&qid=f43db048498c4008e255a02a1c4e8c5f
