Information Security Today Home

What's Behind the Rise in Data Breaches (and What to Do about It)

Bill Carey

The drumbeat of high-profile hacking incidents in the news continues. Just in the past year, more than 200 million records have been stolen in data breaches that occurred at Premera Blue Cross, Anthem, Sony and Home Depot. The pilfered data included bank account information, Social Security numbers, email addresses, credit card numbers and other personal information.

There appears to be no end in sight to the hacking epidemic, and large and small businesses as well as consumers are scrambling to find new ways to protect themselves. So what's behind the rise in data breaches? Here are three top drivers:

  1. There's more information to steal. When asked why he robbed banks, legendary bandit Willie Sutton allegedly replied, "Because that's where the money is." A similar dynamic is driving the rise in data breaches. These days, companies rely more heavily on technology than ever before to conduct business. They store more valuable data in the cloud than before, including customer account and financial information and other personal data. That's why hackers are working overtime to gain access to this valuable data, which they can sell or use.
  2. Technology automates hacking. There are many different hacking methods, but specialized hacking software now makes it easier for cybercriminals to target multiple businesses and individuals, playing the percentages to gain access to data. Websites are scanned and assessed for vulnerabilities. Hackers conduct password attacks, gaining access via brute force (guessing passwords until they crack the code), dictionary attacks (programs that try various word combinations at scale) and keylogging (software that tracks user input).
  3. People are lax about security. Hacking is often a crime of opportunity. In the wake of news-making hacking incidents, investigations have found evidence of incredibly lax handling of log-in credentials or poor security practices by vendors that leave companies vulnerable to data breaches. But while hacking attacks on government agencies and large corporations generate the most media coverage, small businesses may be at an even greater risk since they have more valuable data than individuals but are typically less secure than large firms.

There's not much business owners and individuals can do about the first two data breach drivers, short of going back to the pre-Internet, pre-mobile technology era. But you can greatly reduce your vulnerability to hackers by following some commonsense practices and considering technology solutions that can strengthen security. Here are some tips that can help:

  • Make sure your software is up to date. Your operating system and antivirus provider will notify you when it's time to update your system or renew your protection. It's a good idea to act on that right away since the update may contain patches for new threats. The less current your security software and operating system are, the more vulnerable you are to a data breach.
  • Teach employees to reduce risks. If you manage employees, make sure they understand how to protect themselves online. A best practices program administered at orientation is a good idea, as well as periodic updates to ensure that employees understand how hackers target companies and can recognize the signs of a data breach.
  • Put formal security policies in place. Once employees understand how to reduce risks, employers should hold them accountable with a policy that requires the use of strong passwords (a combination of upper and lowercase letters plus numbers and symbols) for each site and mandates a password change every 60 to 90 days. Since many employees use personal devices at work, it's a good idea to have guidelines for safe personal device usage.

There's no indication that the massive hacking problem confronting individuals and companies will end anytime soon. There's too much incentive (in the form of profits) for hackers to cease their criminal activity, and there's no magic-bullet technology solution on the horizon to make websites and devices safer.

Passwords will continue to be the first line of defense against hacking, so the best thing you can do right now to decrease your vulnerability is to commit to using strong passwords and changing them regularly. That can be a challenge because it's tough to remember so many different, complex passwords--one for every secure site you visit. But whether you choose to use a password management software solution or go it alone, your response to the rise in data breaches will determine how likely you are to fall prey to hackers.

About the Author

Bill Carey is Vice President of Marketing & Business Development at Siber Systems Inc., which offers the top-rated RoboForm Password Manager solution. Find out more about RoboForm at http://www.roboform.com.


 


© Copyright 2008-2017 Auerbach Publications