[BreachExchange] Are Consumers Accepting Data Breaches as the New Normal?

[Audrey McNeil]

http://dataconomy.com/data-breaches-new-normal/

Today, we’re more connected than ever thanks to the prevalence of
smartphones in our lives, and their integration with Cloudservices. This
comes at a cost, however. With so much of our personal information online,
data breaches are becoming more common.

So what exactly is a data breach? In essence, it is an incident where an
unauthorized person gains access to sensitive or confidential information.
This may include personal health information, personally identifiable
information or trade secrets. Many people have experienced this in the form
of stolen credit card numbers or even hacked social media accounts. It has
become very common in the United States. In fact, in 2015 alone there was a
total of 781, an 8.1 increase from 2014. The most common causes of data
breaches are:

Hacking
Employee error/negligence
Email/Internet exposure

Targets and Consequences

One of the most notable examples of a large-scale data breach is the 2013
Target hack where cybercriminals were able to steal the identity of
millions of customers. While not necessarily unique – other retail stores
have experienced data breaches as well – what happened after did surprise
many as a class action lawsuit made it to courts and required Target to pay
consumers who had experienced credit card theft. This set a new precedence
for lawsuits against retailers who experience a data breach.

The IRS is a constant target for criminals and in 2016 hackers were able to
get a hold of their transcripts, compromising the information for 100,000
taxpayers. One can operate under the assumption that due to the high-value
data they contain, government databases are going to be future targets.

Retail stores and government agencies aren’t the only targets, as evidenced
by the data breach of the University of Florida. Hackers gained access to
thousands of names, social security numbers and ID numbers of the students
and professors. Wherever data is being held, hackers will try to find a way
in.

For retail stores, a data breach could spell doom. It turns out 65 percent
of consumers are unlikely to do business with a store after leading to a
loss of profits. As data breaches increase, banks and other companies have
put more safeguards in place to protect people’s identity such as
chip-enhanced cards and adoption of Apple Pay and Google Wallet.

Of course, even with the additional security layers, there’s still
potential for identity theft as hackers become more sophisticated. For
contactless payment in general, security experts note that while RFID and
NFC offer good cryptographic protection, most deployment uses proprietary
technology opening up phones and payments to new insecurities.

Have Consumers Become Complacent?

Despite the uptick of data breaches, many consumers seem to take data
breaches in stride. Does it mean they have gotten used to the idea? The
fact that consumers are less likely to do business with stores that have
been compromised show that isn’t necessarily the case. So why do they
appear unconcerned? There are a couple reasons:

Many consumers do not believe it will happen to them.
Some argue that consumers are suffering from data breach fatigue, a
condition where they ignore or minimize the consequences of having their
information compromised. As many as 33 percent of consumers ignore data
breach notices. Of those that do read the notice, more than 50 percent take
no action to protect themselves. However, opinions differ, as evidenced in
this survey by Experian, which suggests that consumers do not react as much
to data breach notices, because they have already taken cautionary steps.

Across the board, consumers demand more privacy and protection but are
unwilling to use privacy enhancing systems such as Virtual Private Networks
or in some cases even basic security software. Of course, even if they take
measures to protect their information, if the business’s own security is
compromised, no measures the consumer takes on their end will keep their
information safe.

For this reason, many consumers have simply accepted that a data breach
will happen at some point. Unfortunately, this acceptance makes it easier
for hackers. If consumers stop reporting, companies will not know of any
security issues and some may even stop caring about cybersecurity. This
will eventually embolden more hackers to attempt data breaches as they are
less likely to suffer repercussions for their actions. This is a downward
spiral that can get dangerous quickly.

For many consumers, data breaches have become the new normal and, for the
most part, many do not suffer any major consequences. In fact, it is the
company who experienced the breach that bears the brunt of the financial
burden. Still, there are very serious drawbacks for consumers such as a
potentially damaged credit history or maxed out medical coverage.
Therefore, it’s important for both businesses and consumers to take the
necessary precautions to reduce the opportunities for identity theft.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161110/ee7a0120/attachment.html>