Four Reasons Why Data Breaches Continue

Sue Marquette Poremba

One of my predictions with GDPR is that data breaches are going to be in the spotlight more than ever. Right now, unless you regularly follow security news or have contact with security experts like I do, a lot of data breaches go under the wire. We tend to hear about the mega-breaches (Yahoo, Equifax, OPM), but not the smaller breaches that affect a lot of smaller businesses and communities.

This is why when James Stickland, CEO of Veridium, offered to talk to me about the four major reasons why breaches continue to happen, I jumped at the chance. I think we need to continue to look at what we’re up against. The better we understand the why behind data breaches, the better we’ll be able to plan and budget our defenses.

Here are Stickland’s thoughts on the reasons why data breaches will continue. Do you agree?

Hackers Target Large Corporations and Individuals Alike

We already talked about how big-name breaches make the news and get our attention, but Stickland reminds us that you don’t even have to be a company to be at risk. Hackers know that people regularly store personal information on their smartphones – making apps and mobile storage a primary target for data theft. While you may not be able to control how corporations secure your data, you can take steps to better protect yourself. Be mindful of what information you share with social media sites and online stores, and be careful when connecting to free Wi-Fi in places like cafes or airports to avoid accidentally sharing personal information with nearby hackers.

Passwords Are Broken

We should all know by now that passwords simply aren’t enough to protect sensitive information. Unfortunately, many people use simple, easy-to-crack passwords, as demonstrated by the fact that last year’s most common one was “123456.” What’s more, everything we’ve been taught about password security was recently debunked – by the man who originally wrote them. Those rules resulted in many people using the same password for all their online accounts, which is the same thing as using the same key to unlock your house, car, safety-deposit box and office. If that password is compromised, the thief has access to everything. To achieve safety, best practices dictate moving beyond passwords and embracing multi-factor authentication. This includes using biometrics. Capturing your biometrics via a smartphone optimizes security while remaining convenient to use throughout the day.

Digital Property Is Increasingly Becoming Popular

As mentioned earlier, people are storing more documents digitally, providing a larger attack surface for hackers. This means there is much more data to access. Hackers can sell medical IDs or Social Security numbers. Or PII can be used to defraud or extort the owner. Hackers also have access to more of your digital property than you think, including from email providers and the government. The value of compromised data is also increasing, and health care data is becoming more valuable than Social Security and credit-card data. We saw this first-hand with the 2017 WannaCry breach. Multi-factor biometric authentication makes your data harder to access. Instead of only using a password, you become the password, adding an additional layer of security to online accounts.

Hacking Evolves Faster than Security

Hackers today are not only more sophisticated but also have better technology at their disposal than ever before. They crack passwords in numerous ways and do it quickly. Some use phishing scams (where an email sends you to a place to “update” your credit card, bank account number, etc.), while others use key loggers that track what people type on computers. There is also the time-honored practice of social engineering. We’ve also seen a rise in nation-state hacking, where teams of professional hackers work for governments to target corporations or other countries with highly sophisticated tactics. But, even though technology and hackers are becoming more advanced, many people still do not take appropriate steps to safeguard their data.

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


Add Comment      Leave a comment on this blog post
Apr 2, 2018 12:57 PM Jay Jay  says:
To keep doing the same thing expecting a different outcome is foolish. We need to change to protecting the data itself, rather than depending on the network, which no one can clearly define. You cannot defend something you cannot define. The network is the highway system.....and like a highway system the user/owner is responsible for safety and security of the car/content. We must change our approach to achieve a different resultr. Reply
Apr 2, 2018 8:39 PM Pat Pat  says:
Dear Sue, Perhaps you read about "Pacific Wiretap" as a feature review by editor Kevin Summers in the September 2011 issue of Submarine Telecoms Forum. Now, in the era of Corporate Cybercrime, Political Wiretaps, and Global Surveillance, the book has taken on increased relevance, as multi-referenced in The Undersea Network by Nicole Starosielski, NYU professor (Duke University Press, Durham and London, 2016) . The fiber-optic cable system described, including landing points, technology, geography and vulnerabilities are the real thing. Only the characters are fiction. Take a peek: http://www.amazon.com/Pacific-Wiretap-Patrick-Downey/dp/1450267629/ref=sr_1_1?ie=UTF8&qid=1399040452&sr=8-1&keywords=pacific+wiretap Give it a try - and be prepared to have your wits tested. Cheers, Patrick Downey AT&T retiree Asia-Pacific region Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.

Subscribe Daily Edge Newsletters

Sign up now and get the best business technology insights direct to your inbox.