A Deeper Look: How the 281 Data Breaches in Q1 2019 Will Impact Companies

Print Friendly, PDF & Email

In this special guest feature, Kevin Gosschalk, CEO, Arkose Labs, believes that machine learning will allow organizations to better monitor authentic and inauthentic traffic, identify what the incoming traffic looks like and act against the traffic if labeled as inauthentic to stop automated fraud before it happens. Kevin he leads a team of people focused on telling computers and humans apart on the Internet. He gained early recognition for his work with the Institute of Health and Biomedical Innovation (QUT) as part of the LANDMark (Longitudinal Assessment of Novel Ophthalmic Diabetic Markers) study, where he developed an innovative mapping technique to detect early signs of diabetes using non- invasive methods. Today, Arkose Labs has transformed the irritating chore of comprehension into an SLA-guaranteed technology that prevents automated abuse for brands like Electronic Arts, Singapore Airlines, and Roblox.

High-profile data breaches show no sign of slowing down. In the first quarter of 2019, there were 281 reported data breaches, exposing more than 4.53 billion records. Companies have overlooked the fact that cybercriminals are becoming more sophisticated with automation, and these 4.5 billion exposed records will become 4.5 billion new opportunities for criminals to commit automated fraud online. Organizations are not where they need to be when it comes to protecting their online ecosystems against attacks and the reality of the situation is troubling. And as 2019 progresses, companies will continue to be impacted by these data breaches—even if they’re not directly involved—here’s how.

Data Breaches Are Costly – Even When an Organization Isn’t Attacked

The cost of a data breach – regulatory fines, lawsuits, integrating a cybersecurity product to secure their attack surface, and heavily investing in new technologies to prevent the next occurrence – adds up quickly and can be detrimental. According to Ponemon’s 2018 Cost of a Data Breach Study, the global average cost of a data breach increased 6.4 percent year-over-year to $3.86 million. The average cost for each compromised record within a company also increased 4.8 percent to $148. The cost to an organization’s reputation and customer trust, perhaps even more significant, can’t be measured.

The implications of a data breach on a company are serious and need to be taken seriously. Organizations not directly involved in a data breach need to proactively secure their online ecosystems because cybercriminals can, and will, weaponize exposed data.

Attacks are becoming more complex – account takeover, fake account creation and spam are enabling cyberattackers to generate millions of online personas and use them to commit massive amounts of abuse. And with the emerging Single Request Attack—a dangerous phenomenon where cyberattackers can change their device and IP address with dynamic fingerprints, use headless browsers and execute JavaScript as expected with every attack to appear as a new user with each entry—legacy defenses organizations use today can be overcome. Organizations are now at a crossroads—how do you securely authenticate the end user, when you don’t know who the end user is?

Investments in Machine Learning Tools Will Increase

Cyberattacks continue to quickly evolve and organizations have failed to stay ahead of the fraud curve. Emerging technologies, such as machine learning, are vital to helping fight automated fraud. Machine learning can help companies gain valuable insights into an attacker—incoming traffic signals, user behavior, device fingerprinting, etc. Machine learning will help companies track, label and identify suspicious users at-scale across their entire attack surface.

And, that’s a good thing because the attack surface is growing. Organizations are increasing the number of portals present on a website, including account creation, user login and check out. By increasing the number of portals on a site, organizations are also increasing the opportunities for cyberattackers to gain entry. Machine learning will allow organizations to better monitor authentic and inauthentic traffic, identify what the incoming traffic looks like and act against the traffic if labeled as inauthentic to stop automated fraud before it happens.

Application Security Will Become the Priority for Organizations

Organizations have long been focused on protecting their internal attack surface. The focus is quickly evolving, and organizations are prioritizing to improve the security of their applications against external attackers. In the wake of several high-profile data breaches, organizations are increasingly becoming mindful of application security and are now developing ways to protect against emerging sophisticated attack techniques.

However, organizations are continuing to leave the responsibility of application security in the hands of product and engineering teams, rather than the CISO and internal security team. This is a problem. As application security becomes top-of-mind, it’s important for organizations to hand the task over to the team most capable of preventing these ongoing attacks, as it will lead to a better protected attack surface.

Moving forward, organizations must have the mindset of when an attack occurs, not if, and learn from these attacks to shift the focus from mitigating fraud to preventing it. By taking the necessary prevention measures, a cyberattacker’s ROI will diminish and organizations will be more prepared to combat fraud.

Sign up for the free insideBIGDATA newsletter.

Speak Your Mind