Today, data security is top of mind for companies, consumers, and regulatory bodies. After years of unfettered participation in the data-driven digital age that was defined by an “anything goes” ethos and a “move fast and break things” mentality, this shifting sentiment is both drastic and welcome. For businesses of every size operating in every sector, this has broad implications. Data breaches and privacy failures are both increasingly prevalent and incredibly expensive. A study by found that data breaches are up more than 54% from the same period a year ago. Meanwhile, found that the average total cost of a breach approaches $4 million. Risk Based Security IBM’s annual Cost of a Data Breach Report Taken together, it’s clear that data security and privacy will be a bottom line issue heading into 2020 as a new era marked by privacy and security permeates the digital landscape. To help your company prepare for this growing inevitability, here are 20 data security risks that your company could face in 2020. 1. Accidental Data Exposure Sometimes data breaches and privacy violations are the work of sophisticated hackers who take advantage of particular vulnerabilities to steal information. However, too often, data breaches are caused by accident. For instance, a study by found that 40% of senior executives and small business owners report that negligence and accidental loss was the foundational cause of their latest security incident. Shred-it This reality was underscored recently when an employee at accidentally emailed to the public an internal spreadsheet storing people’s personally identifiable information. an Australian government contractor 2. Fatigued IT Admins Today’s threat landscape can be exhausting. Just ask the IT admins responsible for protecting a company's most important data. Hackers only have to be right once to inflict serious damage on a business's bottom-line, while IT admins are charged with perfectly repelling a constant barrage of attacks. That’s probably why nearly 2/3 of cybersecurity specialists have considered quitting their jobs or leaving the industry entirely. This turnover – and the inevitable performance lag that accompanies overworked employees – leaves companies vulnerable to a data security or privacy failure. 3. Employee Data Theft In most cases, employees are a company’s greatest asset, facilitating the exchange of goods and services that allow businesses to flourish. Of course, sometimes employees, either by accident or on purpose, can be a company’s greatest liability. Theft of company data by current and former employees is incredibly common, something that the Canadian credit union, , learned the hard way. Desjardins In June 2019, a former employee stole personal data of nearly 3 million customers, marking one of the biggest data disasters in the country’s history. 4. Lackadaisical Digital Communication Digital communication is a ubiquitous part of our daily lives, and it could also be a consequential vulnerability for companies striving to protect customer privacy. Using personal devices or personal accounts to convey sensitive customer information is frighteningly common. For instance, in the healthcare industry, nearly acknowledge using personal devices to communicate private patient details. 30% of healthcare team members 5. Phishing scams An analysis by found that phishing scams are up 250% this year. What’s more, the techniques are becoming more sophisticated, making them both more difficult to identify and more successful in their implementation. Microsoft These emails can flood corporate inboxes at little expense to hackers. Meanwhile, a single employee click can compromise troves of company data. 6. Data Theft For Ransom There are a lot of ways for hackers to make money from stolen data. While the Dark Web offers a vast network of sales opportunities, increasingly cybercriminals are turning back to the source for their income. Rather than selling stolen data online, thieves are exploiting companies for a ransom payment, creating a no-win scenario for businesses victimized by this approach. Ransomware attacks have received a new lease on life, , while serving as a serious data security risk for businesses, government agencies, and beyond. increasing by 500% year-over-year 7. Employee Bribery In the past few years, several high-profile companies have endured data breaches on the heels of employees who were bribed to leak company information. In 2018, for their role in a bribery scheme that compromised company data. More recently, it was revealed that to plant malware on the company network that provided insights into  AT&T’s inner workings. Amazon investigated several employees AT&T employees were receiving bribes To be sure, bribing employees isn’t the most obvious way to perpetuate cybercrime, but it’s a vulnerability that companies need to be prepared to address. 8. Networks Held For Ransom In 2019, local municipalities across the U.S. have had their IT infrastructure disrupted by ransomware attacks. However, this threat isn’t just relegated to government institutions. SMBs and other businesses without the most recent cybersecurity capabilities are all exposed to this threat. Unfortunately, the cost to recover data has more than doubled in 2019, and all signs indicate that this trend will continue well into next year. 9. Everyone Has Access to All The Data All the Time Access to company or customer data should be a need-to-know arrangement that minimizes the opportunity for misuse or abuse. However, too many companies give all employees complete access to all the company's data all the time. In doing so, they unnecessarily increase the likelihood that a security or privacy issue will emerge in the future. 10. Privileged Users Have Too Much Access Data privacy extends to everyone, including employees, and every company needs to ensure that someone is monitoring the monitors. Failing to provide accountability at every level of an organization creates the possibility that a data privacy event will occur next year. 11. Employees Need More Money Employees steal company data for many reasons, but one of the most obvious and tangible motivations is money. A study by found that 45% of employees would consider selling company data to outsiders, and, incredibly, this information is very affordable. Deep Secure The study found that 15% of UK employees would sell information for $1,260, while 10% would sell data for as little as $315. This data may be cheap for bad actors to attain, but it could be costly for companies in 2020. 12. Executives Misplace Cybersecurity Priorities SMBs are the most vulnerable to a cyberattack, and their executives are the least likely to prioritize cybersecurity initiatives. A study by found that 66% of SMBs don’t believe they will incur a data breach, which is antithetical to evidence produced by the Ponemon Institute that found that 67% of SMBs endured a serious attack in the last year. Keep Security 13. Bored Employees According to , a surprising number of data breaches, nearly 24%, are motivated by employee boredom. The report found that “pure fun” was one of the top reasons for a cybersecurity or privacy-violating incident. Verizon’s Data Breach Investigation Report It underscores the blase attitude toward data security that still permeates many organizations, which holistically represents a profound threat heading into next year. 14. Spear Phishing Campaigns Phishing campaigns are obnoxious, but spear phishing campaigns are downright nasty. This particular brand of phishing attacks use previously stolen data to create authentic-looking emails that are difficult to stop and defend. Recently, in an embarrassing and expensive episode that cost the city $700,000 when an employee was tricked into paying a fraudulent invoice received as part of a targeted spear phishing campaign. the City of Naples learned this lesson As more and more data becomes available online, these attacks could only intensify in the future. 15. Good Old Fashion Fraud Often times, data breaches or privacy violations are just the first offense in a growing list of cybercrimes. For instance, a found that email addresses and passwords are the most sought after data online, occurring in 70% of all data breaches. This information can be deployed in other, more nuanced cyber attacks. report by Risk Based Security 16. Angry Founders Few people have unprecedented access to company data like an organization’s founders. This isn’t a problem until it becomes a huge problem when they decide to leave the company or are forced out by institutional or market dynamics. Privileged users frequently present a vulnerability because they are implicitly trusted while oversight is often minimal or nonexistent, creating an unnecessary opportunity for data loss and privacy violations. 17. Career Development by Data Theft A surprising number of employees are willing to steal company data to gain an edge on the job market. For instance, two former Apple employees working on the company’s secret car project were charged with data theft after they stole more than 2,000 files related to the project. Meanwhile, the perpetrators were in the application process at a China-based autonomous car company. Whether employees are looting intellectual property, customer data, or other valuable information, it can provide a leg up in a competitive job market, which presents a data security risk for companies operating in 2020. 18. Simple or Redundant Passwords A found that 1.5% of all login credentials used on the internet are vulnerable to credential stuffing attacks that deploy previously stolen information to inflict further damage to the company's IT infrastructure. study by Google Interestingly, employees were reticent to change or improve these passwords when notified of their susceptibility. Failing to account for controllable elements, like following password best practices, exposes your organization to great risk now and in the year ahead. 19. Hackers Looking for Bragging Rights In July, credit card company Capital One burst into the headlines for all the wrong reasons when that compromised 100 million records. they endured a data breach The breach was orchestrated by a hacker who, by most accounts, was looking for bragging rights among various online communities. For some, data theft isn’t about data or privacy, it’s about their own notoriety, and that’s a problem for businesses striving to protect their customers’ digital privacy. 20. Just Giving Up Today’s dangerous digital landscape can be paralyzing. Discouraged by the notion that a security incident or privacy violation is an inevitability, too many companies will give up, taking their chances rather than fortifying their defenses. In many ways, this might be the most significant vulnerabty of all. Rather than controlling the controllable, accounting for the risks, and implementing a security strategy that addresses holistic data security, they just do nothing. Much like the years preceding it, 2020 will be replete with risks, and this presents every organization with an opportunity to differentiate themselves in how they manage this uncertainty and how they plan to protect their company and customer data going forward. 2020 is fast approaching. Don’t miss the opportunity to start getting ready now. About the Author Bio: Isaac Kohen is CTO and Founder of Teramind , a leading, global provider of employee monitoring, insider threat detection, and data loss prevention solutions. He recently authored the e-book: #Privacy2020: Identifying, Managing and Preventing Insider Threats in a Privacy-First World . Follow on Twitter: @teramindco . Photo credit: © gonin stock.adobe.com

Adobe

Amazon

Apple

AT&T

Google

Microsoft

Twitter

10 Factors to Prepare for CCPA (California Consumer Privacy Act)

Hiring Across Time Zones: Leveraging tech to manage remote software teams

Check out new Teramind Academy 

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Threats

Nominated for 2022 - HackerNoon Contributor of the Year - Cybercrime

Nominated for 2022 - HackerNoon Contributor of the Year - Cyber Security Awareness

Nominated for 2022 - HackerNoon Contributor of the Year - Data Security

Too Long; Didn't Read

CTA: Download the FREE AI Productivity Shift report

20 Data Security Risks Your Company Could Face in 2020

20 Data Security Risks Your Company Could Face in 2020

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

Untitled Story

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

0-Days are on the Rise and that Means a Lot More Work for SOC Teams

108 Stories To Learn About Cybersecurity Tips

10 Ways to Mitigate Cybersecurity Risks and Prevent Data Theft

10 Tips For Securing Zoom Meetings

10 Things I Did To Increase CloudTrail Logs Security

Light-Mode

Classic

Newspaper

Dark-Mode

Neon Noir

Minty

HN StartUps