Publicly traded companies suffered an average decline of 7.5% in their stock values after a data breach. (Harvard Business Review, "The Devastating Business Impact of a Cyber Breach", May 04, 2023, Keman Huang, Xiaoqing, et al.)
Information security and data privacy IT investment is largely shaped by how Operating Expenditures (OpEx) and Capital Expenditures (CapEx) are allocated.
Attackers constantly probe critical data-centric assets and infrastructure such as applications, data centers, file servers, backup systems, virtual machines, SaaS, etc. for vital information. (Footprinting and reconnaissance with tools such as nmap readily reveal sensitive network information.)
Integrating privacy-enhancing technologies (PETs) into an organization's processing can help you implement data protection effectively. (ICO, June 23)
Aggregated over the years 2018 to 2022, IC3 received a total of 3.26 million complaints reporting losses of $27.6 billion.
Zoom: A database containing over 2,300 usernames and passwords for Zoom user accounts was leaked by cybercriminals. (ITWorldCanada 2023)
PwC: In May 2023 PwC suffered a MOVEit cyberattack in which its database was breached; 379 organizations and a total of 19 million individuals were affected. (ITWire 2023)
SolarWinds: The SolarWinds hack was named the 'largest and most sophisticated' according to Thomson Reuters media; the breach affected over 18,000 SolarWinds customers.
SickKids: The Hospital for Sick Children in Toronto was hit by a LockBit ransomware attack in Dec 2022. No ransom was paid and 100% of its systems have been restored.
Kroll: The Kroll data breach, involving FTX bankruptcy claims, resulted in the leak of sensitive information affecting millions of people across 56 countries and regions and in the theft of $6.3 million in cryptocurrencies. (Aug 2023)
St. Margaret's Hospital: The Illinois hospital goes bankrupt following a ransomware attack, linking its closure to the cyber incident. (NBC News, June 12, 2023)
Johnson Controls breach, Sept. 2023: Cybercriminals exfiltrated 27TB of sensitive data from Johnson Controls and requested a $51 million ransom; Johnson Controls also holds documents depicting "the physical security of many Department of Homeland Security facilities". (SecurityWeek.com)
Indeed, rising geopolitical tension has given rise to incidents such as the spy balloon, the SolarWinds breach, the Accenture LockBit breach, Log4j, the US Department of Defense incident that led to the exposure of the government's Microsoft Azure email server, the PharMerica data breach, and most recently the 2023 breach of NATO's Communities of Interest Cooperation Portal, among other major breaches.
Targeted intrusion adversaries will continue to predominantly present data theft threats to multiple sectors and geographies in 2023 (CrowdStrike Intelligence 2023 GLOBAL THREAT REPORT).
Top 5 Data Attack Types
- Data Leakage
- Ransomware
- Data Breach
- Data manipulation (e.g. SQL injection)
- Credential theft
Data and Information Security Checklist Options:
- Take AI safety seriously
- Treat data as an asset
- Cyber insurance
- Follow GDPR laws
- Integrate data sanitization
- Privacy by Design/Default
- Security and Data Privacy Awareness Training
- Stay Updated (Patch management /data management policy!)
- Use automation solutions to your advantage (SIEM, SOAR, EDR, ML)
- Access control management
- Review network logs for signs of data exfiltration and lateral movement
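As an added example (not from the original article), a small Python script that reviews constructed flow logs for the two signals the last checklist item names: bulk outbound transfers to external addresses (possible exfiltration) and one host fanning out to many internal peers on administrative ports (possible lateral movement). The sample records, thresholds and port list are assumptions.

```python
# Added example: flag possible exfiltration and lateral movement in flow logs.
# The flow records below are constructed; thresholds and ports are assumptions.
import ipaddress
from collections import defaultdict

# Constructed sample flow records: src_ip,dst_ip,dst_port,bytes_out
SAMPLE_FLOWS = """\
10.0.1.15,203.0.113.7,443,900000000
10.0.1.15,203.0.113.7,443,850000000
10.0.1.22,198.51.100.9,443,120000
10.0.1.40,10.0.1.50,445,2048
10.0.1.40,10.0.1.51,445,2048
10.0.1.40,10.0.1.52,3389,4096
10.0.1.40,10.0.1.53,445,2048
10.0.1.40,10.0.1.54,22,1024
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed internal range
ADMIN_PORTS = {22, 445, 3389, 5985, 5986}               # SSH, SMB, RDP, WinRM
EXFIL_BYTES = 1_000_000_000   # assumed: 1 GB outbound in the review window
FANOUT_PEERS = 5              # assumed: distinct internal peers on admin ports

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Parse CSV flow lines into (src, dst, port, bytes) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, port, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(nbytes)))
    return flows

def find_exfil(flows, threshold=EXFIL_BYTES):
    """Internal hosts whose total bytes sent to external addresses exceed the threshold."""
    out = defaultdict(int)
    for src, dst, _port, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            out[src] += nbytes
    return {host: total for host, total in out.items() if total >= threshold}

def find_lateral(flows, min_peers=FANOUT_PEERS):
    """Internal hosts that reached at least min_peers internal peers on admin ports."""
    peers = defaultdict(set)
    for src, dst, port, _n in flows:
        if is_internal(src) and is_internal(dst) and port in ADMIN_PORTS:
            peers[src].add(dst)
    return {host: len(p) for host, p in peers.items() if len(p) >= min_peers}

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("possible exfiltration:", find_exfil(flows))
    print("possible lateral movement:", find_lateral(flows))
```

Real deployments would feed NetFlow/IPFIX or firewall logs into this logic from a SIEM and tune the thresholds per network.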
The average cost of a data breach in 2023 (published by Ani Petrosyan on Statista):
- Industrial sector worldwide: $4.73 million USD
- Financial sector ranked second, with $5.9 million USD
- Healthcare sector: $11 million USD (March 2022 - March 2023)
As of 2023, the average cost of a data breach in France was $4.08 million USD, the Middle East was $8.07 million USD, Canada $5.13 million USD, United States $9.48 million USD.
The Digitalized Future of Data-reliant Business vs Data Trusted Structure Oversight
Major actors in a civic data trust include: the trustor (collects urban data), the trustee (fiduciary), the beneficiaries (smart city residents and visitors), and the smart city itself (embedded with sensors). (In the Public Eye: Privacy, Personal Information, by Shaun E. Finn)
The UK has set a 2030 deadline for the government's critical functions to be significantly hardened.
The UK's data protection body seeks feedback on biometric data rules. (CAIDP Update 5.32, AI Policy News, Aug. 28, 2023)
Japan's Privacy Commission sounds the alarm on AI's data risks. (CAIDP Update 5.32, AI Policy News, Aug. 28, 2023)
May 30, 2023: The Cyberspace Administration of China set specific requirements for the filing of the standard contract for cross-border transfer of personal information.
Saudi Data and AI Authority, Personal Data Protection Law, Royal Decree No. (M/148), amended on 27/03/23 G, Article 2: Applies to any processing of personal data related to individuals that takes place in the Kingdom by any means, including the processing of personal data...
In May 2023, Canada's Privacy Commissioner Philippe Dufresne submitted to the House 15 recommendations on Bill C-27, the Digital Charter Implementation Act privacy law reform. Recommendation #1: Recognize privacy as a fundamental right. Recommendation #2: Protect children's privacy and the best interests of the child.
"Privacy law reform is overdue and must be achieved," said Privacy Commissioner of Canada Philippe Dufresne.
To implement safeguards within the data management category, a policy must first be put in place covering the data management process. (The Cost of Cyber Defense 2023, CIS v8)
Open Source Intelligence (OSINT), artificial intelligence, data analytics, and quantum computing are dynamically changing the threat landscape for information management systems.
Data Privacy Acts and Information Security Regulatory Bodies Across Sectors
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- Health: Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Financial: Gramm-Leach-Bliley Act (GLBA)
- Confidential Information Protection and Statistical Efficiency Act (CIPSEA)
- Organization for Economic Co-operation and Development (OECD)
- The NIS 2 Directive (Network and Information Security)
- The European Cyber Resilience Act
- The Digital Operational Resilience Act (DORA)
- The Critical Entities Resilience Directive (CER)
- The Digital Services Act (DSA)
- The Digital Markets Act (DMA)
- The European Health Data Space (EHDS)
- The European Chips Act
- The European Data Act
- The European Data Governance Act (DGA)
- The Artificial Intelligence Act
- The European ePrivacy Regulation
- The European Digital Identity Regulation
- The European Cyber Defence Policy
- The Strategic Compass of the European Union
- The EU Cyber Solidarity Act
- The EU Cyber Diplomacy Toolbox
- The Framework for Artificial Intelligence Cybersecurity Practices (FAICP)
Parliament of Canada Bill C-26: An Act respecting cyber security, amending the Telecommunications Act, with focus on Part 2, Enactment of the Critical Cyber Systems Protection Act, and non-disclosure of orders (section 2(b) of the Charter).
Conclusion
The global average cost of a data breach in 2023 was $4.45M USD; this represents a 15.3% increase from the 2020 cost of $3.86M USD, according to IBM (SANS Cyber Defense Newsletter, 6 Oct 2023).
Unarguably, some level of online anonymity and the implementation of actionable multi-layered security, which includes preventive (IPS), detective (IDS) and corrective security controls together with access controls (ZTNA, IAM, MFA), are required to keep people and businesses safe in the new digital threat landscape.
Gartner predicts that by 2025, 75% of the world's population will have its personal data covered by modern privacy regulations.
Regulations such as HIPAA also prevent discrimination; thus stronger privacy laws will build a better society. Furthermore, Privacy Commissioners, human rights adjudicators, courts, ISO, and other regulatory institutions are constantly tasked with developing, redefining, establishing, and implementing privacy laws, standards, and data protection legislation and guidelines across vertical sectors, to keep organizations' critical data safe and individuals' personally identifiable information (PII), personal health information and other sensitive information confidential.
Top Information Security and Data Protection Frameworks
- Information Security: ISO/IEC 27001:2023, NIST SP 800-53, ICO, ANSSI
- Data Protection/Privacy: ISO/IEC 27701:2019, EU GDPR, ISACA COBIT
- IoT Security and Privacy: ISO 27400, CAF 3.1, ANSSI-CIIP, ISO317001
- Risk Management: NIST RMF, NCSC Risk Guide v1.0, BSI 200-3, ISF IRAM2
Other regulators and frameworks include: HITECH (ePHI), EPCS, PCI DSS, GDPR, consumer protection, NERC, FISMA, CIS, SINIA, CCPA, GLBA (banking), SOX/J-SOX, FedRAMP, HSEEP, FDA, IEEE, JRSS, OWASP, COBIT, Gartner, NCSC, ACSC, etc.
Beware of schemes that sell your privacy in exchange for security: always read the terms and conditions before accepting cookies.
Infrastructure and Industrialization: Securing UN SDG-9 on Digital Innovation Infrastructure Advisory and Recommendation
Maintaining functionality and availability during adverse conditions ensures the trustworthy, resilient digital infrastructure proposed by the International Telecommunication Union's GSR-23, and that the UN's SDGs on digital innovation infrastructure projects are met. Securely storing and sharing information requires a proactive defense-in-depth strategy; meeting information risk and security management standards and compliance will foster the ITU's 2024/2027 mission on the strategic plan for universal connectivity and sustainable digital transformation.
Thanks for reading.
Regards,
Disclaimer: This article's insights were generated and inspired by months of reading cyber publications and credible cybersecurity research sources such as NIST, CISA, WEF, DoD, SANS, CSA, GAO, ICO, CIS, IBM Security, EU GDPR, ITU, IC3, ISC2, DHS, ISACA, ENISA, INFOSEC, etc., and it was written solely for educational purposes, without the use of artificial intelligence.