Data Breaches Are a Much Bigger Problem Than You Thought
Data breaches have become a familiar headline in the news cycle, and if new research is any indication, perhaps it’s time we all started being a little less trusting of businesses with our important information.
A new report from the Ponemon Institute has revealed that a very large number of companies, 43 percent to be exact, have experienced a data breach within the past year. We’ve heard about the big names dropping the ball when it comes to securing customer data, like Target and Home Depot, but this report really puts into perspective just how widespread the problem actually is. “The Second Annual Study on Data Breach Preparedness,” released late last month, also revealed that data breaches increased by 10 percent from 2013 to 2014, although more companies are putting countermeasures into place.
The research surveyed 567 executives in the U.S., asking how prepared they felt their respective firms were for data breaches and similar issues. While it was found that more companies are starting to take the threat seriously by putting response plans and teams into place, the number of actual breaches has still gone up.
“This research reveals that companies are making some positive changes. However, many companies are deficient in governance and security practices that could strengthen their data breach preparedness,” the study reads. “These include: keeping the data breach response plan up-to-date, conducting risk assessments of areas vulnerable to a breach, continuous monitoring of information systems to detect unusual and anomalous traffic, and investing in technologies that enable timely detections of a security breach.”
As far as the actual cost of these security lapses, the study says that each individual lost or stolen record averaged out at $201. Obviously, this can end up being an extremely expensive problem for many companies, which is likely why more and more are starting to put countermeasures in place to help absorb the damage — or stop intrusions before they start.
Despite companies ramping up efforts to curb data breaches and intrusions, there is still a long way to go. Most of those surveyed did not express confidence in their company’s ability to properly handle such situations, and a whopping 68 percent agreed that their firms would not even know how to handle the negative press and public opinion that would follow in the wake of a breach. That’s something that’s going to need to change, especially since both the size and frequency of intrusions seem to be increasing.
“Particularly beginning with last quarter in 2013, and now with all the retail breaches this year, the size had gone exponentially up,” said Experian’s data breach resolution group vice president Michael Bruemmer, according to USA Today.
As for the main cause behind these instances of lost data, Bruemmer says that more often than not, it’s due to negligence on the part of employees. However, there are a lot of ways information could potentially get out. “It could be from someone giving out their password, someone being spear-phished, it could be a lost USB, it could be somebody mishandling files, it could be leaving the door to the network operations center open so someone can walk in,” he said.
Perhaps just as troubling is the fact that while many companies may have plans in place to deal with data breaches, not very many executives feel that they are very effective. The chart above, taken directly from the report itself, illustrates that only 30 percent of respondents felt that their company’s plans were ‘effective’ or ‘very effective,’ while another 30 percent felt that they were not effective at all.
Perhaps that has its root in an unwillingness to actually go back and update said plans, or even review them on an annual basis. The second chart above shows that an incredible 37 percent of respondents said that their firm’s plans had not been reviewed or updated since they were put into place, and another 41 percent said that there is no set timetable to do so. Obviously, as these plans become stale, vulnerabilities can be found and exploited, highlighting the need for constant monitoring and updating.
As for what can actually be done to help solve the issue, the responsibility is going to come down to individual businesses to make sure they are doing everything they can to protect their customers. Since a great deal of these breaches involve customer credit card data, if companies end up losing the trust of their consumer base, it could end up hitting their bottom line as sales are lost. The Ponemon Institute does outline several suggestions, including frequent reviews for response plans, executives taking leadership in developing and instituting those plans, increasing employee training, and clearly defining employee roles and responsibilities as they pertain to security.
As attacks on databases continue to grow in frequency and ferocity, watching out for consumers’ data will need to become a priority. While many companies never really thought that responsibility would fall on their shoulders, it has. Now they need to develop strategies to keep that data under lock and key. While the numbers show that more businesses are taking the threat seriously, it’s obvious that their efforts have so far fallen short.
For consumers, make sure you’re shopping at retailers you trust with your data, and constantly update your own passwords and information as well. Also, keep a close eye on your statements. If all else fails? Use cash.