In 2015, we saw many large and controversial data leaks. We can draw a conclusion: hackers are becoming more sophisticated, while users remain imprudent and careless. Recalling the most striking information security breaches helps us understand the most common ways data leaks happen, and how to organize our data protection systems to avoid material and reputational losses.
Large-scale data leaks
- The hack of the insurance giant Anthem is the indisputable leader of 2015. The personal data of almost 80 million people was compromised in this information security breach. The hackers stole the names, addresses, dates of birth, and social security card numbers of Anthem’s users. Yet, hackers failed to get medical information and credit card numbers.
- Twitter’s shares fell in price by 18% after information about the company’s financial activities was published in open access ahead of time. In monetary terms, the company’s losses amounted to 5 billion dollars.
High officials in the leading roles
Senior government officials appeared in the most high-profile reports on data leaks. The interest in this category of users is clear. But personal data leaks are not always caused by hackers. Here are a few examples:
- The passport data of almost all (164 of 170) members of the Russian Federation Council was stolen and released. In this case, it is not the data leak itself but the reaction of the victims that is notable. One of the senators said that it is … unpleasant, but it can be explained in the information age.
- Jeb Bush, a brother of the former US President, published on his website about 300 thousand letters that voters had sent him. But by mistake, together with the letters, the politician’s staff also published the personal data of the authors of these letters, including their social security numbers.
- Hackers are to blame for the data breach in the United States Office of Personnel Management. They compromised 4 million accounts of current and former state employees. Since the organization handles staff selection for various ministries and departments, the data leak caused a grave scandal.
- As it turned out, while holding the post of Secretary of State, Hillary Clinton (the former Secretary of State, a President’s wife, and a Presidential candidate, all in one) used an unprotected email account for official correspondence, and it was eventually hacked. Now that Mrs. Clinton is running for the presidency, this fact can significantly reduce her chances. US state officials are obliged to use only secure official mail to prevent data breaches. It is unlikely that neglecting the legislation will earn the candidate any credit.
- Indian high-ranking officials from the Ministry of Finance (one of whom was the Deputy Minister) also distinguished themselves in 2015. They stole the foreign capital investment plans for the Indian economy and tried to sell them for half a million dollars. But in the end, they were caught along with their intermediaries.
Why do we pay spies?
Protection against data leaks will not work unless the people entrusted with sensitive information stop boasting about it on social networks. No hacks or breaches are needed here: the secrets are divulged for free.
South Korea was hit by several absurd incidents that disclosed military secrets. During the crisis between the country and its northern neighbor, one serviceman emailed his friend a screenshot showing the deployment of troops. Another wrote a post about a drone flight, and a third recorded a radio message from the command and posted it on a social network.
As you can see, data protection often suffers not because of Trojan viruses and other ingenious hacker tools. As it often turns out, users are to blame: either they want to show off what they know, or they are simply too sloppy and careless. Neither job descriptions nor a military oath stops them.
Realizing this, today’s companies spend a large share of the funds allocated for information security on preventing human error and irresponsibility. For this purpose they use the following:
- complex access control procedures for different kinds of data;
- two-factor authentication, which is introduced almost everywhere;
- OTP tokens for generating one-time passwords;
- staff training on information security rules.
This approach is more productive, since the most appropriate methods and tools are chosen for each particular situation to achieve the goal. For example, the user will get the OTP token and software that best meet their needs.
Companies that respect themselves and their clients care about protecting users’ data just as much as about their quarterly financial results, because it secures both reputation and profits.