Abstract
The objective of this essay is to report on the concept of data breaching. The author collects data on the different elements involving data breaching from secondary sources, especially from peer-reviewed journals, books, and websites of repute. The information collected concerns the definitive terms of data breaching, whose scope involves the specific types of information that are at risk of being stolen and how much information has been stolen or exposed within the past five years in America. The report also explores information on the top forms of data breach, the laws and policies governing information systems, the prevention of the breaches, and the effects of such occurrences on both individuals and corporations. The author finds that the scope of information management, even though it recognizes personnel in charge of the protection of information assets, is too wide to be managed by a few individuals in the workplace. Therefore, all stakeholders in the organizational setting have the responsibility of striving to keep their data secure from possible breaches.
Introduction
Information management relates to a concept of the information systems of organizations in which the institutions produce, own, and manage suites of information. Such information could be in the form of data, both physical and electronic. In this case, information management entails the control of information produced within given firms as well as the levels of governance that a given organization has over its information assets. It is plausible to argue that information management is only attainable through the building of information management systems that take care of all the processes involved in the generation, storage, and usage of information within an institution. The critical function of information management in any organization highlights that it has the role of ensuring the security of information. Changes in the technological world and the dynamics of the workplace have caused a challenge in recent years concerning the safety of data. Therefore, understanding what factors entail information security for organizations is useful for such institutions, considering that data is among the most vital assets that companies in the 21st century own.
The objective of this essay is to inform on the concept of data breach, which is one of the most pressing organizational concerns in information management of the present time. The paper begins with the definition of data breach in a section of the essay that also includes a description of the specific information targeted and statistics on information breach in the US within the last five years. The essay also explores and reports information on the manner in which data breaches could affect corporations and individuals before reviewing literature on the appropriate methods of dealing with data breaches. The last two sections of the paper are the policies and laws governing data usage in the US and the top cases of data breach in the contemporary world. From the analysis in the essay, the author discovers and concludes that information security is a shared responsibility among all stakeholders in the workplace since the challenges resulting in breaches of data are diverse.
What is Data Breach?
The Definitive Terms of Data Breaching
Webster’s definition of breaching is that it involves the literal action of breaking, as in the violation of a standard, an obligation, or the law (Cayne & Bolander, 1991). The same definition argues that a data breach refers to an incident in which encrypted databases are broken into or hacked and the critical information stored in them compromised (ICO, 2018). The use of the term ‘data,’ in this case, mostly relates to confidential, protected, or sensitive information, which might include records of clients that the law protects or that federal regulations direct be protected. Overall, data breaches occur when unauthorized parties gain access to confidential information within an organization, which may be interpreted as a violation of the set procedures for accessing information.
The Most Common Types of Information Stolen During Breaches
While each category of information is critical for an institution, it should be noted that the most targeted information relates to personal information that may be categorized into five groups. First, the hackers target payment information of individuals. It is worth noting that credit card information is among the most attractive forms of data for cyber theft. The fact that credit card information offers quick access to cash in different ways, including selling the cards on black markets, using the cards to shop expensively, and siphoning the bank accounts of victims, makes such information one of the most vulnerable (Morgan, 2014). The process of purchasing and selling information concerning credit card numbers of individuals is quite easy, which is why users of such facilities should always strive to avoid being hacked.
Authentication details are the second category of data targeted by data thieves. Details that allow individuals to access online systems are quite valuable for players within the black market. For instance, consider the login details of the president of a given financial institution, such as a bank, or of a given celebrity. Such information is quite confidential because it holds the key to the reputation of the individuals and their financial stability, considering that they might be operating heavy bank accounts. It is quite regrettable that people tend to use the same passwords and other login credentials for different online accounts, which makes them susceptible to attacks.
Information breaches also concern the theft of medical records. The public should be aware that hackers might sell stolen medical records on the black market or utilize such credentials to obtain medical services for their own advantage, which might include fraudulently billing insurance firms for phantom services, among others. Another issue of public concern is that identity theft involving medical credentials is worse than that entailing financial information, since legislation on consumer protection is sparser for medical health records than it is in the financial context (Morgan, 2014).
Other types of information targeted in data theft include copyrighted material and classified information. Concerning copyrighted material, it is notable that hacking has increased the possibilities of acquiring copyrighted material, such as software, for free and even transferring the ownership of such products to other parties illegally. If these events occur, organizations involved in the production of such products stand to lose significantly. On the other side, classified information may include trade secrets and other types of information that should not be shared with unauthorized parties within the workplace or any other setting.
Data Breach Statistics in the US
Breaches in data have gained public attention with the growth in the use of digital file forms by firms as well as the reliance on the use of digital information. While data breaches occurred before information was digitalized, the rise of the digital platform increased the challenge since it raised the volume of data exposed to breaches as well as the instances of such events. Figure 1 indicates the path that data breaching has taken for the last twelve years. From the impression, it is clear that the rise of the digital platform has been increasing both the number of records exposed to breaches and the actual activities of breaching. More than 9.5 billion data records have been stolen or lost from 2013 at a frequency of 5035180 records per day, 209799 per day, 3497 per minute, and 58 per second from 2013 to present (Breach Level Index, 2017). Figure 2 indicates the frequency of data breach per industry within the US. From the visual, it is apparent that the corporate world is the most targeted by the events of data breaching.
Figure 1: The prevalence of data breach in the US from 2005 to 2017. Adapted from Statista (2018a).
Figure 2: The incidence of information breach across industries in the US from 2014 to 2017. Adapted from Statista (2018b).
The Causes of Information Breach
Describing the causes of data breach is cumbersome because studies differ in the manner of their grouping of such causes. Nevertheless, a critical review of literature on the subject suggests that the different causes of information breach may be classified into three categories. The first category refers to the criminal, intentional, or malicious causes. In describing this category of sources, organizations and personnel concerned with information management should comprehend that information breaches are similar to the conventional forms of crime because they entail planning, identifying specific targets, and execution (Cheng, Liu, & Yao, 2017). For the most part, data breaches affect targeted organizations negatively, which further explains the similarity between them and the conventional forms of crime. Information thieves employ a broad range of strategies under this category of causes, including diversion of money, theft of intellectual property, cybercrime, fraud, hacking, scams, and phishing, among others (Cheng, Liu, & Yao, 2017). Currently, identity theft is the most significant form of data breaching in the US and around the world (Statista, 2018a).
The second category in the classification of the causes of data breaching is that of system glitches. One might wonder why their computers, for example, would be working in the evening only not to do so the following day when they are turned on. These are common problems that most people seem to ignore since they are solved within the shortest time possible to allow people to get back to their routine activities. However, the public should comprehend that these cases are often related to instances of data breaching that happen without the user's awareness. The events might involve virus attacks or an injection of malware into information management systems that would then start spying on critical data and collecting it as instructed by the attackers.
Human errors are considered the last group of the causes of data breaches. People are supposed to play their role in keeping information systems secure from the possibilities of attacks through activities such as using strong passwords, securing data centers, keeping passwords secret, and avoiding sharing information with unauthorized persons (Cheng, Liu, & Yao, 2017).
The Effects of Data Breaches on Individuals and Organizations
The Effects on Individuals
Since identity theft is the most common form of information breaching, individuals are often exposed to the risk of damaged reputations by the events. Some of the stolen personal information may be related to private individual living, which some people would never want to share. Therefore, stealing and exposing this type of information may affect the reputation of such persons, especially when the perpetrators of the actions seek to spoil the images of victims (Choo, 2011). The second effect of information breaching on persons is the fact that it might result in adverse economic returns, especially when it happens within the corporate sphere or when it concerns the loss of financial information data.
The Effect on Organizations
Organizations are equally affected by cases of data breaches. The most significant effect is the fact that such attacks may result in financial losses. For example, a financial services firm might lose significant amounts of money through identity theft involving the accounts of clients and the administrative passwords of managers (Garg, Curtis, & Halper, 2013). Another case might result when companies lose their trade secrets or client details to their competitors. The level of financial losses that result from such activities is overwhelming since it might threaten the competitive advantage of some businesses (Garg, Curtis, & Halper, 2013). At the corporate level, information breaching may also cause companies to lose their reputation among their clients, especially when the clients discover that their personal information managed by the organizations has been stolen. This way, customers are likely to reduce their trust in the organizations, which reduces their brand equity.
Prevention of Information Breaches
It is apparent that the sources of information breaching are both external and internal. Therefore, dealing with the challenges of data breaching should involve strategies that address both the external and the internal environment. Literature approaches this issue using broad-ranging strategies, which can be summarized as two approaches. First, companies should embark on the development of organizational cultures in which workers are aware of the risk factors and effects of information breaches (Cheng, Liu, & Yao, 2017). Within this culture, it would be possible for management to define the procedures of data handling, including which parties may access specific categories of data and which ones may not. The personnel concerned with handling of information systems may also be trained on the best strategies of ensuring the security of corporate and individual information, which is critical in ensuring responsible handling of information resources (Cheng, Liu, & Yao, 2017). Trivial activities, such as setting strong passwords, avoiding using personal devices at the workplace, regular network scanning, and others may be useful in ensuring the safety of information systems within the organizational settings.
Second, institutions should be ready to deal with challenges from the external environment through the installation of systems that monitor and report instances of attacks on the information systems infrastructure. These activities may be part of the security plans that organizations adopt to deal with attacks on the resilience of information systems. As much as the programs may be diverse according to the needs of each organization and the nature of the industry in which it operates, critical attention should be given to the program to ensure effective monitoring of possible attacks and updating of the systems so that they are current and up to the task (Cheng, Liu, & Yao, 2017).
Laws and Policies on Data Breaching in the US
The US does not have a comprehensive and consolidated law seeking to protect data. Instead, the protection of data in the country falls primarily under several federal laws that are sector-specific as well as state laws (Bacon et al., 2018). It should also be noted that section 5 of the Federal Trade Commission outlaws deceptive or unfair actions or practices in commerce (Bacon et al., 2018). The sector-specific legislations have different demands on organizations relating to the protection of data. For instance, the Gramm-Leach-Bliley Act directs that all organizations operating in the financial industry devise proper physical, technical, and administrative measures that would ensure confidentiality and security of the personal information of their clients (Bacon et al., 2018). In addition, the Health Insurance Portability and Accountability Act directs that service providers institute measures that would promote the security of protected health information of patients. The country also lacks laws directing the notification of data breach, which is why such duties lie in the hands of states. In this case, each state has its standard of reporting cases of data breach to their respective attorneys general or other state agencies concerned with the protection of information (Bacon et al., 2018). The state laws also direct that organizations notify clients of breaches as soon as they learn of their occurrence.
Top Data Breaches
The world has seen instances of data breaching, some of which have been minor and some of which have been major. Identifying the biggest instances of data breaching, therefore, would be a difficult task. However, below is a list of three of the cases that involved the largest loss of data in history.
Yahoo in 2013
An attack on Yahoo in 2013 resulted in the compromise of approximately three billion users worldwide (Palermo & Wagenseil, 2017). The attack and the amount of data that was stolen from the company are regarded as the largest in the history of data breach. However, the actual number of accounts that had been compromised during that attack remained unclear, since the company kept updating the information over time, starting from five hundred million to one billion before the final figure emerged in 2017. It is clear from the list that most of the hackers target social media, from where they extract personal information of careless users.
FriendFinder, 2016
More than 412 million users of the online adult content website were hacked and their information compromised in 2016. According to Palermo and Wagenseil, the users were easy to hack because most of them had used passwords protected by the weak SHA-1 algorithm. Before the crisis could be realized and reported, close to 99 percent of the user accounts had been hacked.
MySpace, an Unspecified Date
Even while the exact date of the compromise is not reported, Palermo and Wagenseil suggest that the online social networking website that dominated the market approximately a decade ago was hacked. The cited study indicated that the company lost personal information related to more than 360 million users.
Conclusion
The scope of data breaching and the agents involved in the process is quite wide. For instance, organizations and individuals have to understand that they are exposed to internal and external risk factors for the loss of their critical information. Attackers go for the soft spots, exploiting the complacency of companies and individuals about securing their data. Such people appear to seek personal identification information that they may use to affect the reputations of organizations and individuals as well as to inflict financial pain on them. Therefore, protecting data from possible breaches should entail a holistic approach that considers the external and internal dangers to the security of such information. One of the ways of achieving this state is to have a workplace culture that sensitizes people to the risks of breaching and the benefits associated with responsible usage of information. As the essay notes, most of the attackers focus on social media, where people share tons of personal information that is protected weakly, making them the easiest targets.
References
Bacon, M.B., Soto, J.L., Dunifon, J., Simpson, P.A., Logan, P.R., & Olney, M. (2018). Data security and breach notification in the USA. Retrieved 17 April 2018, from https://www.lexology.com/library/detail.aspx?g=b9a0edc0-fc09-4924-a531-f669e9b8941f
Breach Level Index (2017). Data Breach Statistics by Year, Industry, More - Breach Level Index. Retrieved 17 April 2018, from http://breachlevelindex.com/
Cayne, B. S., & Bolander, D. O. (Eds.). (1991). New Webster's dictionary and thesaurus of the English language. Lexicon publications.
Cheng, L., Liu, F., & Yao, D. D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 7(5).
Choo, K. K. R. (2011). The cyber threat landscape: Challenges and future research directions. Computers & Security, 30(8), 719-731.
Garg, A., Curtis, J., & Halper, H. (2003). Quantifying the financial impact of IT security breaches. Information Management & Computer Security, 11(2), 74-83.
International Consumer’s Office (ICO) (2018). Security breaches. Retrieved 17 April 2018, from https://ico.org.uk/for-organisations/guide-to-pecr/communications-networks-and-services/security-breaches/
Morgan, L. (2014). The 5 most common types of data stolen. IT Governance Blog. Retrieved 17 April 2018, from https://www.itgovernance.co.uk/blog/the-5-most-common-types-of-data-stolen/
Palermo, E., & Wagenseil, P. (2017). The Worst Data Breaches of All Time. Tom's Guide. Retrieved 17 April 2018, from https://www.tomsguide.com/us/pictures-story/872-worst-data-breaches.html#s5
Statista (2018a). U.S. data breaches and exposed records 2017. Retrieved 17 April 2018, from https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/
Statista (2018b). Number of data breaches in the United States from 2014 to 2017- U.S. data breaches by industry 201. Retrieved 17 April 2018, from https://www.statista.com/statistics/273572/number-of-data-breaches-in-the-united-states-by-business/