Most of us are aware that Canadian, USA and other governments are under constant attack from other sovereign nations, usually for the purposes of obtaining military or economic information. Many of us also know that our own governments have similar programs in place.
However, there are many others out there who also try to hack into government systems. These types of hackers are probably not out to obtain military secrets, but are more likely to steal personal information, or to attempt to obtain a ransom for allowing you access to your ‘captured’ data.
Some people in government don’t think they are worthy of an attack, as they believe most of their information is in the public domain, or can be obtained through a Freedom of Information request, but government sites are also targets for hackers. This applies to municipal, state, provincial and federal governments. Here are some key government agencies who have suffered major data breaches recently.
United States Office of Personnel Management (2014/2015)
It is estimated that over 20 million records were stolen, with each record containing information such as names, dates and places of birth, and addresses. It is possible that other information, such as security clearance data, was also stolen.
Canada Revenue Agency (2014/2014)
Over 2,000 people were affected by data breaches at CRA. 900 social insurance numbers were compromised. This was revealed in a report from the Canadian federal government that indicated a total of almost 4,000 data breaches affecting over 6,000 people in total.
City of Ottawa (2014)
A hacker claimed to have impersonated a city manager and received password hints from an employee to gain access to the city’s website. The City took down its own website before any damage could be done.
There are many other examples – too many to list here. Most of these data breaches are caused by staff who provide information either willingly or unwittingly. Usually, staff are duped by social engineering or phishing schemes. Other causes include accidental dissemination, such as faxing to the wrong number or sending information to the wrong email address. The best way to prevent this type of event from happening is by formally educating your staff, and then by frequent reinforcement.
The average cost of a data breach in Canada is estimated to be over $5 million. The cost of an information security awareness program is of course significantly lower than that, and could help you to prevent a large expense and major disruption to your organization. The cost may be much more than just financial, with public embarrassment, loss of client/citizen trust and perhaps even termination of employment and litigation being potential outcomes.
An interesting website ‘Information is Beautiful’ tracks data breaches worldwide.
Would you like to find out more about educating your staff on how to prevent outsiders from using them to access your organization’s data? Give us a call and we’d be happy to discuss your information security awareness program.