Big data breaches are on the rise. That’s not news. For the past several years, headlines have been dominated by company after company suffering some sort of cyber-security attack.
A recent chart, however, puts the frequency of these breaches into perspective—and also underscores the fact that small, unknown companies are just as vulnerable as large, multinational ones.
The chart, created by RAND Corp.’s National Security Research Division, spans from 2004 to 2014. As expected, there were far fewer occurrences of data breaches around 2004, with the bulk of these attacks happening in the past couple of years. The chart shows a spike in breaches beginning in 2008 and 2009, likely associated with companies putting more services and information online.
But the chart also illustrates that these cyber-attacks can happen to anyone. While many of the companies on the list are household names, others that have suffered at the hands of hackers aren’t as well known.
Even more notably, some of the smaller companies have experienced data breaches at a greater scale than larger ones. While many companies think it won’t happen to them, as data breaches continue to rise, every company, regardless of industry or size, continues to become more vulnerable.
We’ve discussed many ways companies can protect themselves against data breaches, but one area companies should pay particularly close attention to is the level of due diligence they require of their third-party vendors who handle sensitive data.
It’s critical that companies understand how the vendor’s service is operating and what exactly is happening to their information. By digging into the details of the engagement, exactly what product or service the vendor is offering and what’s happening with the data, companies are able to minimize the risk involved with engaging that vendor. And, as a result, they’re able to help protect themselves by implementing appropriate measures.
As the RAND chart shows, data breaches are on the rise without any indication they will slow down. It’s less of a question of if a company will suffer a cyber-attack, and more of a question of when.