October is National Cybersecurity Awareness Month: Here’s What Happened Over the Past Year
National Cybersecurity Awareness Month (NCSAM), a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and ensure access to resources, is coming up this October.
Following last year's 'Our Shared Responsibility' theme, this year's theme, 'Own IT. Secure IT. Protect IT.', will focus on personal accountability and proactive behavior, including actionable steps that anyone can take at home or at work.
Let's take a look at what has happened in the world of cybersecurity over the past year and NCSAM's recommendations for taking personal responsibility and actionable steps to prevent data breaches.
October is National Cybersecurity Awareness Month and this year's focus is on personal accountability and proactive behavior.
Major Breaches in 2018 & 2019
More than six million records are stolen every day, according to the Breach Level Index, which represents about 70 records each second. Despite advances in cybersecurity software, even large tech companies make simple mistakes that expose sensitive data. These problems are only increasing as more data comes online.
The most significant data breaches over the past year have included companies across many industries:
Facebook: Sensitive data from more than 540 million Facebook users were exposed on Amazon cloud servers in April 2019. Two third-party Facebook app developers posted about 150 gigabytes of user data, including account names, IDs, friends, photos, locations and unprotected passwords in a publicly-accessible place — although the most sensitive disclosures only involved about 20,000 users.
First American Corporation: More than 885 million personal and financial records tied to First American Corporation mortgage deals going back to 2003 were exposed in a massive data breach in May 2019. The documents included bank account numbers, statements, mortgage and tax records, social security numbers, wire transaction receipts and drivers license images — and the company is now under SEC investigation.
CapitalOne: More than 100 million CapitalOne customer and applicant details were exposed in a data breach in March 2019, including names, addresses, birth dates, credit scores, transaction data, social security numbers and linked bank account numbers. The source of the breach was a hacker that downloaded the data from a rented cloud data server and openly discussed the breach on Twitter.
Marriott: Marriott disclosed a massive data breach affecting up to 500 million guests in November 2018, including their names, addresses, credit card numbers, phone numbers, and even their passports, travel locations and arrival and departure dates. The high value of the information led some to believe that it could be the target of a nation-state hacker looking for information about diplomats and executives.
Quest Diagnostics: Quest Diagnostics disclosed a data breach affecting nearly 12 million patients in June 2019, including credit card numbers, bank account details, medical data, social security numbers and other information. The actual data breach happened at American Medical Collection Agency, which Quest Diagnostics used to outsource billing activities, resulting in the compromise of its customers’ data.
These data breaches may focus on large companies, but small businesses aren't immune to these issues. In fact, 43 percent of small businesses immediately shut down following a data breach and only six percent survive two years. It's important for companies of all sizes to take cybersecurity seriously to avoid these incidents.
Biggest Cybersecurity Trends of 2019
The battle between cybersecurity professionals and criminals means that attack vectors are always changing. While a simple firewall may have been enough to prevent an attack years ago, many modern cyberattacks rely on social engineering to trick employees into handing over sensitive data or vulnerabilities in difficult-to-track-down IoT devices.
Download our free Checklist of Small Business Cybersecurity Goals for 2019-2020 for inspiration when developing your own technology plans.
Some of the biggest trends in cybersecurity include:
IoT devices: Internet of things, or IoT, devices pose unique security risks. Without the right security precautions in place, these devices can easily become an entry point for larger attacks against a corporate network.
Cloud services: Many businesses are transitioning to cloud infrastructure without fully appreciating the risk. Without a security policy in place, mismanaged cloud permissions or practices could expose data to attackers.
Phishing attacks: Modern cybersecurity software may be capable of thwarting many conventional attacks, but spear phishing attacks can't be prevented by technology alone. These attacks are a common way to gain access to a network for a wider attack.
Data privacy: The European General Data Protection Regulations, or GDPR, and other regulations are seeking to impose new penalties on businesses that suffer data breaches and/or fail to protect user information.
How to Prevent Data Breaches
The National Cybersecurity Awareness Month 'Own IT. Secure IT. Protect IT.' theme comes with a series of recommendations to promote accountability and proactive security at home and in the workplace. With this advice in hand, many common cyberattacks can be prevented at an employee level before requiring system level protection.
- Never click and tell: Stay safe on social media
- Update privacy settings
- Keep tabs on your apps: Monitor the status of your device applications
- Shake up your passphrase protocol: Create strong, unique pass phrases
- Double your login protection: Turn on multi-factor authentication
- Shop safely online
- Play hard-to-get- with strangers: Learn to spot and avoid phishing
- If you connect, you must protect: Update to the latest security software, web browser and operating systems
- Stay protected while connected: Practice WiFi safety
- If you collect it, protect it: Keep customer data and information safe
In addition to these best practices, it’s important for companies to have comprehensive system-level protections in place. Jungle Disk provides a cybersecurity suite that’s customized for small businesses with less than 200 employees, including active network protection, password management, secure backups and a wide array of other services.
The Bottom Line
Data breaches and cybersecurity threats continue to rise each year and system-level protection isn’t enough to stop every attack (although it’s necessary to prevent most of them). This year’s Cybersecurity Awareness Month message is focused on personal accountability and taking proactive steps to improve cybersecurity and address any issues.
In addition to these proactive steps, Jungle Disk and other cybersecurity software solutions can provide system-level protection and help enforce personal responsibilities. Our Active Network Protection mitigates filters malware and viruses while mitigating DDoS attacks, while out TeamPassword solution helps manage and enforce strong passwords.
Sign up for Jungle Disk to secure your small business with easy-to-use solutions that are always up-to-date.