Another day, another breach. It’s sarcastic, it’s comical, but it’s also real. Barely a day goes by where we don’t hear of a data breach. Breaches affect companies big and small in virtually every vertical and hit government institutions at the local, state and federal level; sensitive data is routinely exfiltrated, stolen and leveraged with shocking regularity. For most individuals who have become inured to breaches, the latest breach victim isn’t new or shocking. What has changed over the past few years, though, is the advent of silence. With each colossal breach, public outcry seems to become more muted. Sometimes, it does not even make the front page of a newspaper.
Have we become too used to and too apathetic about breaches?
Consumerization of the Threat
If we were discussing hacking attempts even a decade ago, the types of hacks we saw focused on credit card data, identity theft and corporate espionage. We saw Heartland Payments suffer a major breach that exposed millions of payment credentials. Arguably, with that breach and others like it, the average person saw for the very first time that it was not just corporate data that was at risk, but personal identities and credit cards. An incensed population began to demand companies secure their personal information, because the consumerization of the threat was a clear and present danger.
Is Ignorance Bliss?
Today, with the advent of the IoT, literally everything we do is measured, calibrated, recorded and loaded to a physical or virtual server. Workouts, driving habits and even your thermostat settings are at risk of being exposed in a breach. The average person on the street, however, does not realize that this data is curated somewhere and is virtual gold to criminals – or in certain cases, even terrorists. One such example is the recent disclosure that military personnel wearing Strava devices are revealing highly sensitive information about their locations and activities.
Other cases include health information being stolen and sold to life insurance companies, home break-ins being timed for when people are not home based on hacked thermostat information and much more. With more sophisticated attacks and the ensuing damage, why are people seemingly not more concerned about securing their data? Is ignorance bliss?
Or are We Used to the Noise?
Growing up, I lived near an airport. Planes flew overhead regularly and it unnerved some of my friends because of the regular jet noise above us. It was never an issue to me, because I was used to it. This is not unlike the regular security breaches in the news. People either do not hear about breaches anymore, or they tune them out. They are ever-present, thus unfortunately becoming background noise.
One summer, several new neighbors moved in. For them, the airport noise was intolerable – and so they launched a grassroots campaign demanding the flight routes be altered. After much lobbying, the powers that be made changes to the flight path. It took effort to force change, and it’s clear it simply would not have happened on its own.
Many organizations acknowledge the importance of locking down their sensitive data, but are they really making an effort?
For example, are they encrypting their data? Do they manage the keys to this data separately from the data? Do they mask critical information to guard against insider threats? As the public becomes increasingly technologically savvy and as more stringent compliance regulations such as GDPR get enforced, I believe this seeming apathy and inertia will abate. Consumers will demand the companies they do business with have protections in place, and vote with their wallets.
I don’t think the public is apathetic to the breach. They simply got used to the noise, and are understandably overwhelmed. But like many trends, I’m not sure this one is here to stay. As businesses continue to adopt new technologies (according to our 2018 Data Threat Report, 94% of organizations are using cloud, IoT and other transformative technologies), the public will also become more educated on the threats that are out there – especially threats that stand to impact their personal lives. Now is the perfect time for businesses to be proactive in securing sensitive data, as it will prove to be a competitive advantage that yields goodwill and positively impacts the bottom line.
This is a Security Bloggers Network syndicated blog post authored by Michael Rothschild. Read the original post at: Data Security Blog | Thales e-Security