Cybersecurity Awareness Month: Fortanix Action Plan to Mitigate the Impact of Data Breaches

Elizabeth Magill, Fortanix
Published: Oct 28, 2024

It is a grave mistake to assume you won’t be subject to a data breach. Yet, organizations often mistakenly believe they are not attractive targets for hackers because they think their data lacks financial or strategic value. Smaller businesses or those in niche markets may assume their low profile makes them less appealing to cybercriminals. Moreover, smaller companies may face more limited budgets and prioritize other business needs over investing in strong security measures.

An Overview of Recent Data Breaches

We recently conducted a survey of over 1000 business, IT, and security executives, which found that 80% of respondents said they’d had a data breach in the last 12 months. When we look at the responses from security executives alone – the segment of respondents closest to the issue and the most in the know – 87% of respondents said they had a breach within the last 12 months.

These are stark numbers indeed. Even if you take the mindset that it’s when, not if, you’ll experience a data breach, for 87% or more of you the when will be in the next 12 months. [Source]

And data breaches have a profound business impact. According to IBM, the global average cost of a data breach in 2024 is $4.88M, a 10% increase over 2023, and the highest total ever. [Source]

The total estimated cost of cybercrime is forecast to continuously increase between 2024 and 2029 from $9.22 trillion in 2024 to a whopping $15.62 trillion in 2029. [Source]

To give some context, that is more than all but two nations' Gross Domestic Product (GDP). So, to say that it is a major problem is basically an understatement. [Source]

Organization Affected | Summary
National Public Data
  • 2.7 billion personal records stolen affecting virtually every person in the United States, Canada, and the UK.
  • Data included American social security numbers and was leaked on the dark web.
  • Raised public awareness of the need for identity monitoring and credit security.
Ticketmaster
  • Exposed 560 million customer records involving personal and financial information.
  • Resulted in unauthorized transactions and identity theft.
  • Triggered a lawsuit against the parent company, Live Nation, for potential security failings and anti-competitive behavior.
Change Healthcare
  • 145 million records exposed in a ransomware attack.
  • Compromised sensitive information like social security numbers and medical records.
  • Led to a re-evaluation of security strategies by healthcare providers and insurers.
Dell
  • 49 million records exposed.
  • Data included customer names, emails, and payment information.
  • Led to increased scrutiny from regulators and potential legal challenges.
AT&T
  • Exposed data of 73 million current and former customers.
  • Involved social security numbers and account details discovered on the dark web.
  • Resulted in an ongoing investigation and threats of several class-action suits.

Source

The Impact of Data Breaches

As mentioned earlier in this blog, the financial impact of data breaches is quite substantial. But it is by no means the only way data breaches affect an organization.

As evidenced by the examples in the table above, data breaches can negatively impact organizations in the following ways:

  • Regulatory fines: Dell’s data breach resulted in increased scrutiny from regulators. That scrutiny has a cost, from extra labor costs to potential fines.
  • Ransomware payments: Some data breaches, like the Change Healthcare breach, may have been caused by ransomware attacks, and businesses may feel compelled to pay the ransom.
  • Lawsuits: In the Ticketmaster example, the data breach was a contributing factor causing the US Justice Department to sue for anti-competitive behavior. AT&T is under threat of multiple class action suits because of their breach.
  • Brand damage: The truth is, if you are subject to a data breach, the blame falls on you. Even if a third-party vendor or cloud provider is the root cause, the customers look to you to take responsibility.

Additional Resources: Streamline Data Security Strategies

Action Plan to Mitigate the Impact of Data Breaches

Encrypt Data: Encryption is one of the most critical defenses against data breaches. It converts your data into a secure format that is unreadable without the appropriate decryption key. When properly implemented, encryption ensures that even if unauthorized parties gain access to your data, they cannot decipher or misuse it.

There are many ways in which you can encrypt data, and it’s important to have a solution that supports the wide array of data encryption needs your business may have, including encryption of full disks, file systems, applications, and databases.

Tokenize Data: Tokenization is another effective method for protecting sensitive information. This process replaces sensitive data with a token, a unique identifier that has no meaningful value without additional information stored in a secure system. Consider data tokenization when you want to use your data across applications, workflows, and AI models, but need the assurance that it is private and compliant.
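The token-for-value swap described above, as an added example that is not Fortanix code: a minimal in-memory vault in Python showing that application records carry only random tokens, and that recovering a value requires an authorized, audited call to the vault. `TokenVault`, `protect`, the `tok_` prefix, the `detokenize` role name and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """In-memory stand-in for the secure system that holds the token mapping."""

    def __init__(self):
        self._index_key = secrets.token_bytes(32)  # keys the lookup index; stays in the vault
        self._value_by_token = {}
        self._token_by_index = {}
        self.audit_log = []  # (caller, token, allowed) for every detokenize attempt

    def tokenize(self, value: str) -> str:
        # A keyed hash finds an existing token without indexing by the raw value.
        index = hmac.new(self._index_key, value.encode(), hashlib.sha256).digest()
        if index not in self._token_by_index:
            token = "tok_" + secrets.token_hex(8)  # random: not derived from the value
            while token in self._value_by_token:
                token = "tok_" + secrets.token_hex(8)
            self._token_by_index[index] = token
            self._value_by_token[token] = value
        return self._token_by_index[index]

    def detokenize(self, token: str, caller: str, roles: set) -> str:
        allowed = "detokenize" in roles
        self.audit_log.append((caller, token, allowed))
        if not allowed:
            raise PermissionError(f"{caller} may not detokenize")
        return self._value_by_token[token]


def protect(records, vault, field="ssn"):
    """Return copies of the records with the sensitive field replaced by a token."""
    return [{**r, field: vault.tokenize(r[field])} for r in records]


# Constructed sample data (000-prefixed SSNs are never issued).
RECORDS = [
    {"name": "A. Example", "ssn": "000-12-3456"},
    {"name": "B. Example", "ssn": "000-65-4321"},
    {"name": "A. Example (duplicate row)", "ssn": "000-12-3456"},
]

if __name__ == "__main__":
    vault = TokenVault()
    for row in protect(RECORDS, vault):
        print(row)  # what an application database, or a thief, would see
```

Because the same value always maps to the same token, downstream systems can still join and count on the tokenized column without ever holding the original value.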

Additional Resources: A Guide to Data Tokenization

Key Management: Encryption alone doesn’t stop unauthorized access. Errors in setup or configuration can expose data, and it doesn’t guard against insider threats. Effective security requires key management, access controls, audits, and training for full protection.

Encryption keys must be stored, rotated, and accessed securely to maintain data security. Ineffective key management can render encryption useless, leaving your data vulnerable. Having siloed key administration for all your different environments results in poor crypto posture visibility and increased resource requirements. Implementing a policy-based, centralized Key Management System (KMS) helps automate and enforce best practices in managing encryption keys securely and consistently.

Additional Resources: 10 Key Management Best Practices

How Fortanix Can Help

Fortanix Data Security Manager is a unified platform that provides encryption, tokenization and key management across on-premises and multi-cloud environments from a single pane of glass, making it easy for organizations to apply consistent security policies wherever their data resides.

Our novel Key Insight solutions can also help you discover exposed data services so you can quickly close security gaps. Check out this short explainer video to learn more. We also offer a free 30-day trial, so you can see firsthand how Fortanix Data Security Manager can help you achieve your data security goals.
