Data is now one of the most valuable commodities that organisations and companies can possess. The Personal Identifiable Information (PII) of clients, suppliers and employees is an essential asset that entices cyber criminals to hack into systems and steal it, after which it is sold on the black market. When that information ends up in the wrong hands, it can be resold again and again, which more than doubles the increase in security threats to individuals.
Today's major threats
Today, three major threats are the theft of a person’s identity, a person’s bank details, and medical records. If companies do not realise the value of such sensitive data, they are incapable of making the correct decisions concerning the high level of security investment that is needed to protect PII.
With the COVID-19 pandemic turning organisations upside down this year, the security of PII for these sectors and all other industries is urgent. In March of this year, 832 million records were breached. It can take an organisation 100 days to find out if its data has been compromised, while companies and organisations face a legal requirement to inform clients within just 72 hours.
In April, with the majority of employees working from home (because of the pandemic) and using the meeting app “Zoom” to conduct company and client meetings, a major cyber breach happened, with over 500,000 teleconferencing accounts being found for sale on the dark web and hacker forums for as little as $0.02. A credential stuffing attack stole email addresses, passwords, personal meeting URLs, and host keys.
Data risk vigilance needs to be applied to all types of confidential and valuable data, and the levels of vigilance can vary according to the specific industry sector. Indeed, there are significant differences both in the level of vigilance applied to assessing and mitigating risk and in the relative value that various market segments, countries, and stakeholders attach to various types of data.
How industry sectors influence data privacy concerns
Apart from major differences in the perception of PII value between countries and businesses across the globe, industry sectors influence which data is most sensitive. For example, healthcare and hospitality sectors prioritize PII data whereas industrial and IT/Communication companies see IP addresses as the most important.
Banking and financial sectors
For the banking and financial sectors, compliance regulations and country privacy laws are perhaps the most stringent of all sectors. Encryption, along with proper, strict management, can mean the difference between a public breach and a safe and secure environment. The encryption of sensitive private data is perhaps the hardest part of securing PII, for this entails industry-tested and accepted algorithms along with strong key lengths. There are many levels within an organisation’s stack at which encryption can be deployed, ranging from the operating system to the application and database level. The location where encryption is implemented has security implications at different levels, but the most secure locations are the database level and the application level, the latter involving an encryption library and a key retrieval service. EU legislation requires that this encryption meets strict compliance requirements.
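The application-level arrangement described above (an encryption library plus a key retrieval service) can be sketched as follows. This is an added example, not code from the original article or from ARender; the choice of AES-256-GCM, the in-memory `keyService` standing in for a real key retrieval service, and the names `encryptField` and `decryptField` are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Stand-in for a key retrieval service (hypothetical): keys are looked up by
// ID and never stored beside the data. Constructed demo key only.
const keyService = new Map([['k1', Buffer.from('0123456789abcdef0123456789abcdef')]]);

function getKey(keyId) {
  const key = keyService.get(keyId);
  if (!key) throw new Error(`unknown key id: ${keyId}`);
  return key;
}

// Returns "keyId:base64(nonce || tag || ciphertext)". recordId is bound as
// associated data so a stored value cannot be copied into another record.
function encryptField(keyId, recordId, plaintext) {
  const nonce = crypto.randomBytes(12); // fresh 96-bit nonce per value
  const cipher = crypto.createCipheriv('aes-256-gcm', getKey(keyId), nonce);
  cipher.setAAD(Buffer.from(recordId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([nonce, cipher.getAuthTag(), ct]);
  return `${keyId}:${blob.toString('base64')}`;
}

// Throws on an unknown key, modified data, or a mismatched recordId.
function decryptField(recordId, stored) {
  const sep = stored.indexOf(':');
  const keyId = stored.slice(0, sep);
  const blob = Buffer.from(stored.slice(sep + 1), 'base64');
  // 12-byte nonce + 16-byte tag is the minimum valid length.
  if (sep < 1 || blob.length < 28) throw new Error('malformed stored value');
  const decipher = crypto.createDecipheriv('aes-256-gcm', getKey(keyId), blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(recordId, 'utf8'));
  decipher.setAuthTag(blob.subarray(12, 28));
  const pt = Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
  return pt.toString('utf8');
}

// Constructed sample value; prints the string a database column would hold.
const stored = encryptField('k1', 'record-42', 'constructed sample value');
console.log(stored);
```

Storing the key ID with each value lets keys be rotated without re-encrypting every record at once, since old values still name the key that protects them.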
Threats to PII in the healthcare industry are particularly high and malicious activity is rife. Given the particular role that healthcare plays in society, and its relationship with extremely sensitive information, risks of breaches are consequential. Medical research data and PII are continuously targeted and retargeted by multiple threat actors. Complying with laws and regulations is only one of the vital issues facing this industry. Cyber threats range from the criminal targeting of client data to the less frequent but high-impact cyber espionage intrusions, as well as disruptive and destructive threats. For example, years of cyber-related theft of trial research on treatments such as cancer drugs have led to the Chinese market providing drugs at reduced cost. In addition, the theft of medical databases has led to an astronomical number of medical-related databases for sale on the black market at cost-cutting prices.
Other industries where the protection of PII is vital include the legal profession and the insurance sector. Insurance companies often process PII to underwrite risks and provide claims handling and other insurance-related services that can be linked to a person’s health or medical treatment. They are particularly vulnerable to cyber-attacks as large amounts of PII are stored about policyholders.
The legal profession is also a prime target for hackers. Law firm network environments serve as an entry point for sensitive information, and without the correct IT security investments, this sector is open to attack. Firms must address IT security issues urgently by managing security initiatives, documenting security policies along with disaster recovery and incident response plans, implementing IT security technologies, establishing a cyber liability insurance policy, and conducting periodic vulnerability and penetration testing.
The hospitality industry is another sector that holds the PII of millions of clients. A major cyber attack happened very recently this year on one of the world’s leading hotel chains that exposed the information of 5.2 million guests. The list is endless.
Ensuring the security of PII is therefore critical, and companies need to make investments in the latest IT technologies as threats become more complicated and hackers take advantage of the current confusion in society caused by COVID-19 to infiltrate networks and steal valuable information.