By Todd Thiemann
I attend a variety of IT conferences and get to see my share of CIO panel discussions. One thing CIOs often emphasize is that they use recent news stories to explain the tremendous cost and reputational damages of data breaches to their organization’s executives and board members.
While many involved in IT get tired of fearmongering in the marketplace, the fact is, explaining breaches to management and boards can be the most effective way to justify an increased budget for projects that tighten the security ship.
Hypothetical instances don’t always sway decision makers, but real-world receipts in the form of notorious news stories that focus on recent company breaches can.
For that reason, I’ve compiled links to a number of powerful stories on recent breaches I hope you’ll use to convince the powers-that-be in your organization that you need a spike in your cybersecurity budget—or else, look what can happen!
Healthcare Industry Data Breaches
Protecting sensitive data is especially critical in the healthcare industry, as electronic patient health information (ePHI) is heavily sought by cybercriminals. That’s why the industry has such stringent regulations (HIPAA and HITECH) to protect that data.
For the most comprehensive list of healthcare organizations that have been recently compromised, you can always visit the DHHS Office of Civil Rights Breach Portal. It includes more than 500 publicly disclosed breaches and counting.
Just a few weeks ago, Miami-based Jackson Health System was fined $2.15 million for three separate HIPAA violations over the course of several years.
Also in October, Alabama’s DCH Health Systems was victimized by a ransomware attack and had to turn away patients at all three of its hospitals.
State and Local Government Breaches
State and local governments store and transfer citizen-related data in multitudes. We’re talking data in the form of permits, licenses, tax information, and more. To keep cities and states thriving, government operations must move on continuously without a hitch. If they don’t, they’re susceptible to cyberattacks, particularly those involving ransomware.
Ransomware is a huge issue for state and local governments. Take a look at the Ransomware Attacks Map (with links to detailed articles on successful attacks) on StateScoop.
The city of Baltimore was hit by a devastating attack earlier this year and is still trying to recover. Baltimore is now purchasing $20M in cyber insurance to pay out contractors for the fallout yet to come.
And here’s the New York Times’ account of the coordinated cyberattacks in August that ground operations to a halt for 22 towns in Texas.
Businesses of All Sizes
Just a few years ago, many smaller firms considered themselves immune from cyberattacks, thinking since they’d didn’t read news stories about data breaches to companies their size, they didn’t have the sort of data hackers sought. But that thinking made them more susceptible targets, and cybercriminals know that 10 easy data breaches of 10,000 records each is just as lucrative as one exceedingly difficult attack that might yield 100,000.
Of the small businesses that have experienced data beaches in 2019, 10 percent have already shut down.
Not that it’s gotten any safer for large enterprises:
The Hy-Vee supermarket chain was hit first by malware on its gas station pump, restaurant, and coffee shop point-of-sale systems, and then hit by a customer lawsuit.
Customized gift retailer Café Press also faces a class-action lawsuit after 23 million customers had their personal information stolen in a February data breach.
Not to be outdone, iced tea-giant Arizona Beverages had their sales and distributions operations disrupted big-time by a ransomware attack that meant their IT network had to be effectively rebuilt from scratch.
What You Can Do
These pieces of unpleasant breach news can help you justify the budget and resources you need for important security initiatives. And in the cybersecurity landscape today, 24/7 monitoring and threat detection and incident response are critical for mitigating attacks before they have significant impact.
You can see this in some recent articles where Arctic Wolf customers have explained their security challenges and how they arrived at a security operations center (SOC)-as-a-service as the optimal approach to meet their security and compliance challenges:
- How Sparks, Nevada, is rethinking security after ransomware (StateScoop, 26 September 2019)
- Try Managed Detection and Response to Boost Hospital Cybersecurity (Healthcare Business Today, 17 June 2019)
- Case Study: Planters Bank Boosts Security with Managed Detection and Response (Bank News, 24 July 2019)
- Improving Cybersecurity and the Bottom Line (Credit Union Times, 16 November 2019)
Arctic Wolf™ Managed Detection and Response can be a force multiplier for your IT team. It helps you avoid the types of data breaches referred to here that become headline-making events.
To learn more, and discover ways we can help you to better secure your business, visit https://arcticwolf.com/company/contact-us/
About the AuthorYou might also be interested in...