No matter what kind of business you are in – be it legal, medical or retail – data is one of the most valuable assets you possess. Whether it's sensitive customer and executive profile information or proprietary trade secrets, ensuring data security is paramount.
Proprietary data safety in particular now faces new challenges due to the rise in cyberthreats. With high-profile breaches and cyberthreats of major sites like LinkedIn, MySpace and Yahoo, it has never been a more dangerous time to handle sensitive data.
Trends in Proprietary Data Breaches
The data landscape for businesses dealing with sensitive data is a treacherous one. According to the Breach Level Index, more than 554 million data records were lost or stolen in 2016. Even more troubling, in 52 percent of these cases, it was unclear how many records the breach compromised.
While the vast majority of these breaches involved cybercriminals targeting large corporations to obtain personal information, malicious entities are also turning their eyes to proprietary data. The BLI found existential data breaches comprised roughly 5 percent of 974 breaches that impacted more than 1 million records. This figure shows clearly that while cybercriminals may on the whole be more interested in personal information data, trade secrets are also vulnerable.
"Sensitive company assets are targeted in roughly 5 percent of all data breaches."
Proprietary data theft is a serious – and expensive – issue. According to a PwC analysis of World Bank data in its 2015 Global State of Information Security Survey, the losses attributable to trade secrets breaches add up: falling between $749 billion to $2.2 trillion annually. This statistic highlights how the 50 of 974 existential data breach incidents the BLI tracked in 2016 are no negligible rate.
A growing trend in these attacks, according to Stephen Bychowski, an associate at the law firm Foley Hoag LLP, is foreign governments and competitors targeting businesses in hopes of accessing trade secrets. Bychowski cited several examples of cyberattacks featuring hacking groups suspected to be working in conjunction with the Chinese government to obtain intellectual property and trade secrets. Because these actors work from a position of relative anonymity – possibly aided by clandestine government support – these attacks are nearly impossible to anticipate and difficult to track. This reality makes diligence and security protocols essential.
How Proprietary Data Beaches Occur
In the past, physical theft was a large source of trade secret breaches. The digital landscape has created new risks, and, proprietary data loss occurs a few different ways. A malicious actor within the organization could breach trade secrets. Additionally, a negligent employee may accidentally create a vulnerability, as was the case with a recent string of attacks on a major U.S. hedge fund's network in 2014, where employees fell for sophisticated phishing attacks.
What made this attack so troubling for many cybersecurity experts was that by cracking the firm's proprietary data networks, the hackers were able to discretely funnel money from the firms. One example cited by Bloomberg was a U.S. hedge fund targeted by hackers that was drained of $1.5 million in under two minutes. The hackers obtained passwords from the firm's chief financial officer and treasurer, allowing them to initiate three separate transfers, thereby not raising any of the firm's alarms.
Another concern, according to a Soha Systems Survey on Third Party Risk Management, is that 63 percent of all data breaches can be attributed to a third-party vendor. Transmitting data through a TPV means that your organization takes on the third party's vulnerabilities. This circumstance is what makes vetting any TPV data processor thoroughly so important. Even if you have the latest data security regulations and are committed to always updating processes, the data processing you outsource may not.
What Makes ARDEM Rise Above
ARDEM is distinct in this treacherous data landscape in that we are committed to the highest levels of security protocols when handling client data. We take special care not to hold on to any sensitive records longer than absolutely necessary, returning all original files and converted data to the customer quickly and regularly purging proprietary data. The result is fast, simple and customizable data handling services with excellent customer service and an eye for security.
We work for big names, small businesses and independent consultants in the fields of Bio-Medical, Financial, Insurance, Healthcare and Retail. We have been awarded a General Services Administration contract for Document Conversion Services by the federal government, adding the US Army, Veterans Administration, Department of Interior and National Institute of Health to our list of clients. To learn more about how ARDEM can keep your vital data secure, contact us today.