Last week, I read in the San Jose Mercury News that California Attorney General Kamala Harris released a report detailing the number of Californians who had sensitive data exposed — including information such as Social Security numbers, bank account information and other personal information — in more than 100 separate data breaches. The number of individuals who were exposed by these breaches? A startlingly high 2.5 million.
As a member of the information security industry, I have a clear vantage point into the seriousness of these attacks. All too often, those of us in this field find ourselves extolling the need for better data protection only to see our recommendations falling on deaf ears. For these reasons, it is encouraging to see the government in general, and California state Attorney General in particular, take this issue so seriously and issue such a loud wake up call.
At a time when free-flowing information through social media and Big Data analytics is considered a huge benefit for organizations, it's also important to be cognizant of potential threats posed to both individuals and organizations. The recently released Verizon “Data Breach Investigation Report” (DBIR) highlights the importance of secure data. With the volume and sophistication of cyberattacks on the rise, perhaps the single most important takeaway is that many of the attacks are “financially motivated cybercrime” and opportunistic in nature.
This tells us one thing: Kamala Harris is right. If organizations are not willing to take the necessary measures to protect information, they shouldn't be storing it. Solutions exist to do this today. In reality, the need that exists is not a technology need, but one of education and resource investment. Organizations of all sizes must invest resources to protect what matters: their sensitive data. If they don't, the negative impact on their brands may prove catastrophic because once you've lost a customer's trust, it is exceedingly difficult to regain it. With literally millions of Californians exposed by these data breaches, chances are that many have yet to experience the aftermath of having personal information, like their social security numbers, stolen. It is quite possible that the downstream effects will be much larger than anyone is anticipating.