The news that large companies thought to have implemented strict data security measures had their data leaked occupied the agenda throughout 2020. The truth is, wherever there is an internet connection, remote data breaches may occur. And this means that companies that do not take action against cyberattacks may be exposed to data breaches at any time. In this article, we take a closer look at the 2020 data breaches and the measures companies can take based on the lessons learned from these incidents...
First of all, let's take a look at what is a data breach. A data breach can be defined as a security incident that occurs as a result of unauthorized access to confidential data, medical records, financial, personal, or corporate information by malicious individuals or insider threats within the organization. Data breaches, which are among the most common cybersecurity vulnerabilities, can be very costly for companies both financially and in terms of reputation. Data breaches can affect all industries and pose a threat to businesses of all sizes, small or large.
With the transition of millions of employees to remote working models in 2020due to the pandemic, the digital transformation processes of organizations unexpectedly accelerated. This lead to an increase in data breach incidents. The most common types of data breaches in 2020 were:
For enterprises, a data breach is not just a security issue, it is an issue that needs to be addressed in terms of legal obligations. A data breach is defined in the General Data Protection Regulation (GDPR) of EU legislation as “… a security breach that leads to the accidental destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or processed”. The Personal Data Protection Law defines a data breach as “… obtaining of the processed personal data illegally by others…”. Regardless of the extent of the data breach, cybersecurity incidents at some point infiltrate the public agenda and cause enterprises to suffer serious reputational losses. Companies that condone the loss of reputation as well as the violation of the personal data they are obliged to protect, may face serious sanctions under the Personal Data Protection Law.
In just the first 6 months of 2020, 16 billion data records were captured by cyber criminals. Data breach incidents experienced by world-renowned companies are an indicator of the increasing importance of cyber security. Here are the prominent data breach events in 2020...
In March 2020, rumors began to circulate that a Japan-based video game company was being hacked. The company soon confirmed these rumors. The attack, which involved unauthorized access to 160,000 user accounts, had worldwide repercussions. After attackers made in-app purchases with financial data from the captured user accounts, the company recommended account holders to use a two-step password verification method.
The data breach incident experienced by an airline operating in Europe in mid-2020 had great impact, resulting in the stealing of the data of 9 million passengers worldwide, also affecting 6,846 people in Turkey. The attack, organized by professional hackers, was carried out with custom-made malware that obtained passenger reservation information. The attack took place over a long period of time and was noticed quite late, causing increasing damage. The company is now facing multi-million pound lawsuits.
What happened in 2020 proved that data breaches can affect everyone. So, what should companies do to protect themselves from data breaches?
Generally, measures include making sensitive data (or information) inaccessible through encryption, protecting sensitive data with data masking methods, strengthening weak account information, and increasing security layers by using additional security features like two-factor authentication (2FA). It is also important to keep software on devices up to date, to require all devices use a professional VPN service and antivirus software, and to encourage user-friendly cyber security applications. Implementing powerful solutions for access security should be among the primary goals of any company that wants to be protected from data breaches. Using multi-factor authentication solutions, making use of tools that can detect threats at endpoints, and developing rapid response methods are among the organizational measures that can be taken against data breaches.
One of the most effective methods of ensuring cyber security and preventing data breaches within the company is to utilize Privileged Access Management (PAM) solutions, which enable the monitoring and control of users accessing critical data. With Kron's exclusive access management platform, Single Connect, you can protect your business from cyberattacks by ensuring high level security while accessing critical data.