One of my predictions with GDPR is that data breaches are going to be in the spotlight more than ever. Right now, unless you regularly follow security news or have contact with security experts like I do, a lot of data breaches go under the radar. We tend to hear about the mega-breaches (Yahoo, Equifax, OPM), but not the smaller breaches that affect a lot of smaller businesses and communities.
This is why when James Stickland, CEO of Veridium, offered to talk to me about the four major reasons why breaches continue to happen, I jumped at the chance. I think we need to continue to look at what we’re up against. The better we understand the why behind data breaches, the better we’ll be able to plan and budget our defenses.
Here are Stickland’s thoughts on the reasons why data breaches will continue. Do you agree?
Hackers Target Large Corporations and Individuals Alike
We already talked about how big-name breaches make the news and get our attention, but Stickland reminds us that you don’t even have to be a company to be at risk. Hackers know that people regularly store personal information on their smartphones – making apps and mobile storage a primary target for data theft. While you may not be able to control how corporations secure your data, you can take steps to better protect yourself. Be mindful of what information you share with social media sites and online stores, and be careful when connecting to free Wi-Fi in places like cafes or airports to avoid accidentally sharing personal information with nearby hackers.
Passwords Are Broken
We should all know by now that passwords simply aren’t enough to protect sensitive information. Unfortunately, many people use simple, easy-to-crack passwords, as demonstrated by the fact that last year’s most common one was “123456.” What’s more, everything we’ve been taught about password security was recently debunked – by the man who originally wrote the rules. Those rules resulted in many people using the same password for all their online accounts, which is the same thing as using the same key to unlock your house, car, safety-deposit box and office. If that password is compromised, the thief has access to everything. To achieve safety, best practices dictate moving beyond passwords and embracing multi-factor authentication. This includes using biometrics. Capturing your biometrics via a smartphone optimizes security while remaining convenient to use throughout the day.
Digital Property Is Increasingly Becoming Popular
As mentioned earlier, people are storing more documents digitally, providing a larger attack surface for hackers. This means there is much more data to access. Hackers can sell medical IDs or Social Security numbers, or use PII to defraud or extort the owner. Hackers also have access to more of your digital property than you think, including from email providers and the government. The value of compromised data is also increasing, and health care data is becoming more valuable than Social Security and credit-card data. We saw this first-hand with the 2017 WannaCry breach. Multi-factor biometric authentication makes your data harder to access. Instead of only using a password, you become the password, adding an additional layer of security to online accounts.
Hacking Evolves Faster than Security
Hackers today are not only more sophisticated but also have better technology at their disposal than ever before. They crack passwords in numerous ways and do it quickly. Some use phishing scams (where an email sends you to a place to “update” your credit card, bank account number, etc.), while others use key loggers that track what people type on computers. There is also the time-honored practice of social engineering. We’ve also seen a rise in nation-state hacking, where teams of professional hackers work for governments to target corporations or other countries with highly sophisticated tactics. But, even though technology and hackers are becoming more advanced, many people still do not take appropriate steps to safeguard their data.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba