Cybersecurity Update Q3 2024

Given major developments as we near the third quarter of 2024, it’s high time for a cybersecurity update. Among other news, National Public Data (NPD) announced that there had been a major data breach that saw hackers obtain millions of names, email addresses, phone numbers, social security numbers, and mailing addresses stored in its database.

More information about the NPD breach

Based on the newest information, the National Public Data breach initially occurred in 2023, then intensified, and was detected and publicized in 2024. The breach has leaked in excess of two billion individual identifiers – emails, phone numbers, names and social security numbers. The company has already made a statement regarding the breach, which is viewable on its website.

Among other allegations, it has come to light that an NPD sister site was until recently hosting an easily accessible plaintext archive with usernames and passwords. According to NPD, which has since taken down the sister site entirely, the information located in the file was old and no longer relevant. It nevertheless intensifies worries regarding the security of players processing critical personal information.

We can expect the leaks to strengthen trends of lower-level cybercrime, including identity theft and fraud using the identifying information. More importantly for companies, there is potential for the same information to be used in spearphishing or other targeted attacks.

Impacts of cyberattacks

Cyberattacks have several implications for affected organizations, including both direct costs and hidden impacts. It’s fairly common to speak of the direct costs – ransoms paid, damages inflicted and so on – but it is instructive to look over the other categories as well:

Direct Financial Impact of cyberattacks

The direct financial impact of cyberattacks is something that we have covered repeatedly, and it is the most obvious outcome. The average cost of a data breach ballooned to $4.88 million in 2023, a 10% spike over the previous year, according to a recent IBM report. While we have no final data for 2024, there is no reason to expect this upwards trend to reverse.

This cost, while high, remains only the initial impact on an organization that has been targeted by criminals. Other costs pile on top of it, and the total will end up several times higher.

Operational Disruption

Operational disruption is the next immediate set of costs potentially incurred by a company. If a breach occurs, normal operations for the company are immediately interrupted and replaced by internal audits and recovery processes. This is further compounded in the case of ransomware or other destructive attacks where your access to internal data is interrupted.

During this period of recovery, the company continues to incur operating costs while not performing its standard business. This imbalance of costs only corrects itself when and if recovery finishes.

Long-Term Reputational Damage

Long-term reputational damage is one of the less tangible costs, but potentially the most impactful considering the indeterminate length of time over which it applies. In the case of NPD, for example, we can expect a general level of distrust which will impact its ability to do business into the future. These costs are impossible to accurately predict and calculate, but have the potential to be truly massive.

Regulatory and Compliance Costs

Non-compliance with frameworks such as GDPR in Europe or HIPAA in the United States can result in substantial fines. In 2020, Marriott faced a fine of more than $23 million from the UK’s Information Commissioner’s Office for a breach that affected millions of guests.

This fine was eventually reduced to a lower amount, but it nevertheless underlines the risk associated with failing to adhere to regulations and running afoul of governmental oversight organizations.

Protect your business

Protecting your business from cyberattacks and their associated risks and costs is a major part of ensuring future success. This requires careful planning and preparation, including investing in training, disaster recovery preparations, and associated security measures.

Among these measures are data protection, recovery or retention systems. Archives or backups are an integral part of keeping your security posture up to date and prepared. By protecting your data, these systems minimize your recovery time and reduce operational disruptions to your business – in addition to meeting legal requirements set down by government regulations.

If you are ready to take the next step in protecting your business, contact us. Our team will be with you every step of the way to walk you through the possibilities offered by our software and how we can best meet your data security and retention needs.

 

Your Data In Your Hands – With TECH-ARROW

by Matúš Koronthály