Put simply, a data breach is when private and confidential information has been exposed or shared without the owner’s permission. Anyone is at risk of a data breach—a company, a government or an individual can fall victim to it.
But do Filipinos really get a good grasp of it?
According to Kaspersky’s 2020 figures, it would cost a small and medium business a whopping $101,000 (P4.8 million) if they get hit. Meanwhile, an enterprise-level company’s potential losses would be way higher at $1.09 million (P52.4 million). Organizations both big and small also stand to incur reputational damage which could result in loss of customers.
If a government organization’s highly classified information has been compromised, expect that military operations, political dealings and details on critical national infrastructure can pose a major threat not just to the government but to its citizens, too.
For an individual, it could mean becoming a victim of burglary or car theft if your home address, location or vehicle registration details are shared publicly.
Worst case scenario: you could be a victim of identity theft. If your device is hacked, you could potentially lose priceless personal photos and videos, lose access to your online accounts like social media and email and then get blackmailed, lose money if cybercriminals get hold of your financial information, be charged for loans if they get your social security or passport details—all because someone else now has your data and could easily pretend to be you.
It’s that serious.
A string of data breaches affecting Filipinos have been reported quite frequently in recent years up to the present.
In April, almost 900,000 Facebook accounts of Filipino users were reportedly included in a large-scale data leak that affected over 506 million users worldwide. In the same month, some 345,000 sensitive court documents of ongoing legal cases were found to have been made publicly available. Earlier this year, data of about 3.3 million users of an online lending platform was reported to have been sold on the dark web.
In 2019, the country’s military database was hacked into—exposing personal details of almost 20,000 personnel. In the same year, private details of about 900,000 clients of a pawnshop operator were affected by a breach. There were several more but the massive leakage of personal information of 55 million Filipino voters in 2016 remains to be the biggest data breach in the history of the Philippines.
Neighboring countries such as Singapore, Malaysia, Thailand, Vietnam are all in the same predicament, making the region a hotspot of data breaches.
“Generally, a data breach happens due to weaknesses in user behavior (human) and technology. Our devices get more connective features so there are places where data could slip through. There is no specific sector or person that’s being targeted as cybercriminals do not discriminate. Anyone is vulnerable,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Cybercriminals responsible for data breaches use manipulation techniques like social engineering to exploit human error and penetrate the system. Social engineering tricks come in many forms, from offering time-sensitive opportunities, mass phishing, carrying out personalized and targeted attacks, intercepting communications, posing as someone legitimate, and many more.
Among users of Kaspersky products In the Philippines, the cybersecurity company has reported a 160.43% rise in detected web threats under social engineering attacks from Q1 of 2019 (7,674,407) to Q1 of 2021 (19,987,120). These attacks were stopped from further progressing by Kaspersky solutions in the devices of users in the country.
So what should be done when you or your company gets hit by a data breach?
Here is a five-step guide for organizations whether big or small, private or public:
Assess the situation. Evaluate the risk of the data breach to customers. Risk assessment helps you decide the next steps to take. If it’s a high risk, inform the customers without undue delay, perhaps even before reporting to authorities. Be transparent
Be transparent. In 40% of businesses around the world, employees hide an incident when it happens. Hiding an incident may lead to dramatic consequences, increasing the damage caused. It may also result in customers losing trust in the business on top of negative news coverage. Tell customers what happened and give them advice on what to do next.
Document everything. Document every data breach, even if you don’t have to report it. Record what happened, the steps you took and why the breach was reported or not reported.
Learn lessons. Once the cause has been identified, fix it. Next, make sure all staff receive training in how to prevent future breaches. Human error causes most data breaches.
Notify parties. If you’re processing data for other organizations, don’t forget to tell them about the breach. They will have steps they must take too.
Small and medium businesses, are also not immune to cyberattacks, can avail up to 40% in savings on the KEDRO security solution by visiting https://go.kaspersky.com/SEA_SMB_Promo_KERO.html?utm_campaign=SEA21Q2KERO.
Incidentally, Kaspersky is offering free e-gift vouchers (choice of Grab, GCash, or PayMaya) for every purchase of: Kaspersky Total Security (valid for 1 year for 1 device) or Kaspersky Internet Security (valid for 1 or 2 years for 1, 3, or 5 devices)
Participating Kaspersky products are available from official partner stores in Metro Manila, official partner e-stores, and via Shopee and Lazada. Promo runs from May 29 to June 30, 2021.