The impact of corporate data breaches is becoming more widespread than ever, with ramifications spreading far beyond reputational or financial damage to businesses to hit consumers and their families, often months or years down the line, according to new data from F-Secure.
In a newly published report, F-Secure found that three in 10 respondents to its survey had experienced some form of cyber crime – such as a malware or virus infection, email or social media account hacking, or credit card fraud – in the past 12 months. However, this rose to six in 10 among respondents using one or more online services that had been breached in a cyber attack – a group F-Secure referred to as “The Walking Breached”.
With over 500 breaches – three a day – disclosed in the first six months of 2020 alone, F-Secure said that over 163 million people will have had some form of personally identifiable information (PII) compromised, but the effects of this rarely makes headlines, and those impacted rarely achieve restitution or justice.
The rise of entire underground industries purposely designed to help cyber criminals monetise stolen data, such as passwords and login credentials, further highlights the scale of the problem, and fuels the risk of future cyber crime, said F-Secure.
“Personal information stolen from organisations can easily end up being used against people and families through different types of identity theft, fraud, or other types of harm,” said F-Secure consultant Laura Kankaala.
“And with more and more information being stored digitally, what criminals can do with people’s information keeps getting worse. So these attacks on companies can really end up hurting people and not just a business’s bottom line.”
Among the most significant impacts on The Walking Breached is stress and concern arising from cyber crime, cited by 51% of victims, alongside wasted time, also cited by 51%. This came above loss of personal information or loss of control of personal information, cited by 27%; financial loss, cited by 24%; and data loss, cited by 12%.
“Recovering hacked or lost social media accounts can sometimes be really difficult and we tend to recognise the value of something only once it’s gone,” said Kankaala. “These accounts are not ‘just social media’ or ‘just email’ – they hold records of our past, pictures we may not have stored anywhere else or conversations that are either private or something we’ll miss once they’ve been deleted.”
F-Secure also reported more acute impacts in families with children, who experienced nearly every type of cyber crime more frequently than their childless counterparts.
Fortunately, wrote the report’s authors, the risk of becoming one of The Walking Breached can be mitigated to some extent by paying more attention to some of the basic tenets of cyber security. With half of this group saying they reused passwords, and 70% saying they reused passwords with slightly changed variations, adopting basic credential hygiene is the best place to start.
If possible, and affordable, going beyond passwords by adopting some form of multifactor authentication , preferably using some sort of local, USB-A or -C based hardware will add further protection, while investing in identity protection and monitoring services is now becoming a more feasible option.