Without effective and thorough data security measures, organizations take on quite a bit of unnecessary risk: risk of incurring penalties and fines associated with regulatory noncompliance and negligence, risk of reputational damage amongst their peers, and risk of losing the trust of their customer base, to name a few.
More important than money and reputation are the individuals whose personal data these organizations collect. These people, like you and me, are ultimately the ones most at risk when a breach occurs. When ineffective data security allows sensitive data and personally identifiable information (PII) to fall into the wrong hands, the customer’s safety is recklessly compromised.
The monthly Immuta Unlocked Newsletter offers subscribers up-to-date insights and industry information to help them keep current with data security trends. Our most recent Newsletter spotlighted the inherent risks of collecting, storing, and using data in the modern information landscape.
Here is a roundup of September’s top data breach headlines:
The Hacking of Uber and Rockstar Games
It’s one thing to hear about a relatively isolated business being hacked. It’s another to learn that a widely used service with over 118 million users may have exposed your personal information to a teenage hacker. The hacker in question, known as “TeaPot,” gained access to the internal systems of both ride-hailing giant Uber and video game developer Rockstar Games within the same week in mid-September. In both cases the entry point was social engineering rather than a software flaw: at Uber, by the company’s own account, the attacker used a contractor’s stolen credentials, repeatedly triggered multi-factor authentication prompts, and then posed as corporate IT over WhatsApp to persuade the contractor to approve one. From there, TeaPot reached internal cloud consoles, messaging platforms, and even customer data.
Phishing and related social engineering attacks were reported to the FBI’s Internet Crime Complaint Center 323,972 times in 2021, more than any other crime type, which shows why data security standards need technical safeguards behind them. Even when sensitive customer data sits in the company’s cloud ecosystem, not every employee should be able to read it. Phishing-resistant MFA (hardware security keys rather than push approvals) makes the credential theft itself harder, and dynamic, attribute-based data access control limits what a compromised account can reach: users see only the rows and columns their role and purpose require, which shrinks the blast radius of socially engineered intrusions like these.
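As an added example that is not part of the original post and is not Immuta’s product code, the following Python sketch shows what “users only see what they need” looks like as an attribute-based policy: the principal’s role, declared purpose and permitted regions decide, per row and per column, whether a value is returned in clear, partially masked, replaced with a keyed pseudonym, or dropped. The roles, purposes, salt and customer records are constructed for the illustration.

```python
"""Attribute-based access control over a customer table (added illustration).

One policy evaluates the requesting principal's attributes (role, declared
purpose, permitted regions) and returns a row-filtered, column-masked view.
A phished support analyst's session therefore yields masked contact data,
not the raw table. The roles, purposes and records are constructed for the
example and do not describe any real product or dataset.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Constructed sample records, not real customers.
CUSTOMERS = [
    {"id": 1, "name": "Ada Lovelace", "email": "ada@example.com",
     "phone": "+44 20 7946 0000", "region": "EU", "trips": 12},
    {"id": 2, "name": "Grace Hopper", "email": "grace@example.com",
     "phone": "+1 212 555 0100", "region": "US", "trips": 3},
    {"id": 3, "name": "Hedy Lamarr", "email": "hedy@example.com",
     "phone": "+43 1 5550 0000", "region": "EU", "trips": 40},
]

PII_COLUMNS = {"name", "email", "phone"}
TOKEN_SALT = b"demo-salt-rotate-in-production"  # assumption: a per-deployment secret


@dataclass(frozen=True)
class Principal:
    user: str
    role: str                  # "support", "analyst", "dpo", ...
    purpose: str               # purpose declared for this query
    regions: frozenset[str]    # regions the principal may see at all


def decide(principal: Principal, column: str) -> str:
    """Policy for one column: 'allow', 'mask', 'tokenize' or 'deny'.

    Non-PII columns are always readable. PII is released in clear only to a
    data-protection officer handling a data-subject request; support staff
    working a ticket get enough to confirm identity; analysts get a stable
    pseudonym so they can count and join but never see the value; everyone
    else (including a support account used for an undeclared purpose) gets nothing.
    """
    if column not in PII_COLUMNS:
        return "allow"
    if principal.role == "dpo" and principal.purpose == "data_subject_request":
        return "allow"
    if principal.role == "support" and principal.purpose == "ticket":
        return "mask"
    if principal.role == "analyst" and principal.purpose == "aggregate_reporting":
        return "tokenize"
    return "deny"


def tokenize(value: str) -> str:
    """Deterministic, keyed, non-reversible pseudonym (same input -> same token)."""
    return hashlib.sha256(TOKEN_SALT + value.encode()).hexdigest()[:16]


def mask(column: str, value: str) -> str:
    """Partial reveal: initial of the name, first letter of the mailbox, last 4 digits."""
    if column == "email":
        local, _, domain = value.partition("@")
        return f"{local[0]}***@{domain}"
    if column == "phone":
        return "***" + value[-4:]
    return value[0] + "."


def apply_policy(principal: Principal, rows: list[dict] = CUSTOMERS) -> list[dict]:
    """Return the view `principal` may see: rows filtered by region, each PII
    column allowed, masked, tokenized or dropped according to `decide`."""
    view = []
    for row in rows:
        if row["region"] not in principal.regions:   # row-level filter
            continue
        projected = {}
        for column, value in row.items():
            action = decide(principal, column)
            if action == "allow":
                projected[column] = value
            elif action == "mask":
                projected[column] = mask(column, value)
            elif action == "tokenize":
                projected[column] = tokenize(value)
            # "deny": the column is absent from the result entirely
        view.append(projected)
    return view


if __name__ == "__main__":
    # A stolen support session, used for its legitimate purpose, still sees only masked PII.
    stolen = Principal("support-07", "support", "ticket", frozenset({"EU"}))
    for record in apply_policy(stolen):
        print(record)
```

A phished support account working a ticket gets the last four digits of a phone number and a masked email; the same account with an undeclared purpose gets no PII columns at all; no role receives rows outside its permitted regions. In a real deployment this policy would be enforced in the database or query layer rather than in application code, with the salt held in a secrets store and rotated.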
The Increasing Price Tag of Cyber Attacks
Article: An increase in cyber attack fines highlights firms’ need to tighten security (Open Access Government)
As the frequency of cyber attacks continues to rise, so does the price of dealing with the aftermath. When weak points in an organization’s security infrastructure are found to have led to a leak or breach, the organization can face monetary penalties from national or international authorities on top of its own response costs. The $4.24 million average cost per breach cited by DBTA matches IBM’s Cost of a Data Breach figure for 2021; IBM’s 2022 report put it at $4.35 million. On the regulatory side, GDPR (Article 83) allows the most serious violations to be fined up to €20 million (about $19 million USD) or 4% of worldwide annual turnover, whichever is higher, which is how a single fine can far exceed the €20 million figure.
Traditionally, cyber criminals have targeted large companies holding vast amounts of data. Now, however, their focus is shifting toward small- and medium-size businesses, which often have more primitive, and therefore more vulnerable, data security frameworks. A fine of tens to hundreds of thousands of dollars can spell disaster for organizations without the financial backing of a larger corporation. Those looking to avoid the rising fines associated with a breach should implement and maintain rigorous data security measures.
The Twitter Whistleblower Alleges Security Malpractice
In late August, former Twitter head of security Peiter “Mudge” Zatko came forward with a whistleblower complaint alleging that the platform’s leadership had deliberately concealed serious deficiencies and mismanagement in its security and privacy practices. Testifying before the Senate Judiciary Committee in September, he said that protection of users’ personal information is lax, with far too many employees holding broad access to production systems and user data, leaving it vulnerable to domestic or foreign actors. The company also allegedly fails to reliably delete the data of users who close their accounts, so the risk extends to both current and former users.
This puts Twitter at risk of fines running into billions of dollars from the United States government for violating its 2011 consent order with the Federal Trade Commission (FTC). Beyond the fines, the alleged security malpractice, which misled both regulators and investors, sets a dangerous precedent for how organizations care for and protect their users’ sensitive data. As with the Uber breach, poor data security at such a widely used service puts millions of users around the world in a needlessly dangerous position.
Heavy Fines Handed Out for Regulatory Noncompliance
Article: What Meta’s GDPR fine can teach CISOs about data protection (VentureBeat)
September saw more than one large platform criticized for its handling of personal data. Early in the month, Meta was fined €405 million (about $403 million USD) by Ireland’s Data Protection Commission for GDPR violations on Instagram: users aged 13 to 17 had been allowed to set up business accounts, which publicly displayed their phone numbers and email addresses, and children’s accounts were set to public by default.
In a world where adults and children alike are online, safe practices and policies are essential. This case underlines the need for proper oversight of data security and privacy measures, including leadership roles charged with making sure nothing slips through the cracks. Roles like the Chief Data Officer (CDO) and Chief Information Security Officer (CISO) are central to establishing oversight and accountability across data platforms and practices, and privacy-protective defaults for minors’ data should be verified before a feature ships rather than after a regulator notices. Attention at that level helps companies avoid fines as substantial as the one assessed to Meta.
Keeping Up with Key Stories
Spotlighting extensive hacks, dangerous breaches, and substantial fines, September’s Key Stories underline the importance of rigorous data security measures in today’s online landscape.
To access these stories early and stay up to date on the latest in data security and beyond, make sure to subscribe to the Immuta Unlocked Newsletter today. Each month, we include a range of these Key Stories in the newsletter to provide our subscribers with access to the latest news in data.
We’ll see you next month!