Few things are as ominous in today’s digital landscape as a data breach. I know this firsthand through my work in the insider threat detection and monitoring space. Not only do data breaches come with an immense cost, estimated at close to $4 million, but shifting consumer sentiment and increased regulatory scrutiny help ensure that companies will be dealing with the consequences long after the initial expense is paid.

However, while data security has to be a bottom-line issue for every company heading into 2020, not every cyber threat poses the same degree of risk, and companies can work to provide unparalleled data protection by fortifying their security standards against the most prescient threats.

In that spirit, here are ten data privacy risks that could hinder your company in 2020.

1. Accidental Sharing

Not all data loss events are the work of sophisticated cybercriminals. In fact, a shocking number of data breaches are caused by a company’s own employees who accidentally share, misplace or mishandle sensitive data.

According to a 2018 report by Shred-it, 40% of senior executives attribute their most recent security incident to these behaviors.

For instance, in August, hundreds of Australians’ personally identifiable information and health details were exposed to the public after an employee accidentally sent a sensitive spreadsheet to an organizational outsider.

People do make mistakes, and mitigating the risks associated with those errors is critical for protecting data privacy.

2. Overworked Cybersecurity Teams

Few people bear the brunt of today’s cybersecurity landscape like the IT admins tasked with protecting a company’s most sensitive information.

Perhaps unsurprisingly, they are worn out.

More than two-thirds of cybersecurity professionals have considered quitting their jobs or leaving the industry altogether, and their general fatigue makes an already challenging situation even more difficult.

This leaves companies exposed, and it should increase the impetus to implement automation wherever and whenever possible.

3. Employee Data Theft

When companies consider their cybersecurity risks, malicious outsiders are typically top of mind. Indeed, cybercriminals play a prominent role in some data heists, but company employees promulgate many others.

Verizon’s 2019 Insider Threat Report found that 57% of database breaches include insider threats and the majority, 61%, of those employees are not in leadership positions when they compromise customer data.

Fortunately, companies have resources to guard against the risks posed by insider threats.

4. Ransomware

Few cyber threats garner the media attention and inherent fear as ransomware attacks. These attacks are on the rise as both local municipalities and small-to-midsize businesses (SMBs) are victimized by these digital cash grabs that can be incredibly expensive.

The cost of a ransomware attack has more than doubled in 2019, and this trend is likely to continue well into the future.

Many ransomware attacks begin at the employee level as phishing scams and other malicious communications invite these devastating attacks.

5. Bad Password Hygiene

Recently, Google conducted a study on various login credentials, and it concluded that 1.5% of all login information on the internet is vulnerable to credential stuffing attacks that use stolen information to inflict further attacks on a company’s IT network.

Many login credentials are compromised in previous data breaches, and with many people using redundant or easy-to-guess passwords, that information can be used to access company data even when the networks are secure.

Therefore, best practices like requiring routinely updated passwords are a simple but consequential way to address this preventable threat.

6. Bribery

Company data and intellectual property are both incredibly valuable and, in some cases, employees can be bribed into revealing this information.

For example, in 2018, Amazon accused several employees of participating in a bribery scheme that compromised customer data, and in 2019, it was discovered that AT&T employees received bribes to plant malware on the company network.

Of course, bribery isn’t the most accessible way to perpetuate a data scheme, but, especially for companies whose value resides in their intellectual property, it can be a serious data security concern.

7. Too Much Data Access

Company data is one of the most valuable assets that any business controls, and it should be protected accordingly.

To put it simply, data access should be a need-to-know ecosystem that minimizes exposure and reduces the risk of accidental or malicious misuse.

8. Phishing Emails

Phishing emails are on the rise, increasing by 250% this year. At the same time, new technology and increased information accessibility are making these attacks more sophisticated, increasing the likelihood that hackers will successfully infiltrate your IT systems.

Despite every business’ best efforts, these malicious messages inevitably make their way into employees’ inboxes. Managing this traffic and equipping employees with tools, education and training to defend against these threats will be critical.

9. Fraud

Email addresses and passwords are in high demand by cybercriminals, serving as the primary data stolen in 70% and 64% of breaches respectively. Since this information can be used to deploy other, more diverse attacks, every company needs to be aware of how their data could be used against them.

10. Denial

In the year ahead, too many companies will refuse to adequately meet our data integrity moment, and this is magnified when it comes to SMBs, which are statistically most vulnerable to a data breach. A study by Keeper Security and Ponemon Institute found that 67% of SMBs experienced a significant cybersecurity incident in the past year.

To be sure, today’s digital landscape can be paralyzing, but it’s not impossible to navigate. By controlling the controllables, accounting for the most prominent risks and implementing a holistic cybersecurity strategy that accounts for both, every company can put their best foot forward when it comes to data security and privacy.

Originally published on Forbes, by Isaac Kohen, on October 1, 2019

 

Share