As our digital lives move increasingly online, security breaches are exploding in number and scale.  Is it possible the public is becoming numb, or at least accustomed to massive losses of personal data?  A succession of major high profile data breach incidents have dominated the headlines, affecting the personal information of millions of ordinary Americans.  In the last year alone, the hits have come one after another.

Any time a discussion like this comes up, we can start the conversation with Target, a retail giant where millions of Americans shop.  That breach affected 110 million credit and debit accounts.  A recent attack at Adobe, a software company saw 33 million user credentials stolen plus another 3.2 million stolen credit cards.  Michaels, another retail giant itself saw 3 million cards affected in a breach last year. The latest news was eBay which reportedly lost the account information of every single account in its database.  The list goes on and at the current pace will continue, leaving some to wonder who will be next.  In a nation of 317 million, at these rates it won’t be long before we stop talking about who is affected by these breaches and start talking about who isn’t affected.

The problem isn’t just about how much of our personal and financial lives have gone digital, gone social and gone mobile.  After all, these are natural targets for cyber criminals. The other side of the problem is a range of increasingly sophisticated attacks that have helped create this climate. Cyber criminals have gotten very adept at strategically targeting people, attacking the security structure where it is weakest, the human element.  They have added the art of clandestine intrusion, sowing seeds for infiltration into an environment and lingering inside of that environment for months ahead of the ultimate act of hacking.  The tools of hacking are cheap and easy, and thus entire criminal groups have stepped up to take advantage of this dark cyber economy.

This is the year for security

Right now, more than ever, we may be at a tipping point.  The breach numbers are hard to ignore and the frequency of major breaches seems to be more regular. The security industry is stepping up with solutions designed to deal with these issues.  Delivering some insight Neal Ball, a high-profile SSL certificate industry veteran touched on the state of security:

“I’ve never seen a threat climate quite like this.  While security is getting better, a lot of this emerging technology is still reactive. There’s a front line that we frequently see get broken in these hacks, at the moment you connect.  How do you know who you’re transacting with?  Before anything else, if you can’t truly validate a digital transaction, then you’ve got some real issues. Just look to the Heartbleed issue to see how critical the trust component is.”

Security technologies that are emerging today are multi-layered, integrated throughout the modern environments, from mobile to apps to cloud.  Identity and authentication are indeed initial boundaries on possibly the most important front in security.  Among the other various technologies that are leading the way, some address the veracity of app code, some search for anomalies in the data environment, others further integrate breaking intelligence on shared platforms.   Out of these various technologies and improving security constructs, consumer and businesses stand to benefit from an elevated security posture.  If there was ever a time that security was critical, it would seem that in the wake of these continued mass breaches, this may be it.

Cyber crime effects

The effects of cyber crime on consumer and business are comprehensive and far reaching.  Businesses may face fines, restitution costs, audits, investigation, and other legal costs.  They may also lose reputation and transactions due to a breach.

Consumers in the meantime face the loss of personal information, including names, dates of birth, email and credit information.  The financial costs can be quite tangible, but the impact of identity theft can linger for years.  Recovery is difficult, and many people such as children and young adults may not be aware their identity has been stolen until it is too late.

LibertyID.com is an identity protection and restoration service that offers help for consumers dealing with the aftermath of cyber crime.  LibertyID Founder & Chief Strategy Officer Travis D. Mills describes the difficulty for the consumer:

“It takes an average of 200 hours and $6,000 for an American to restore their stolen ID; while it’s possible to resolve it on their own, forget about working a full-time job or being present for your family.  The restoration and recovery process is a full-time job.”

Stopping the madness

Perhaps the biggest threat may be that the public could become unresponsive to the news of big breaches.  Throwaway apologies and replacement credit cards only go so far.  I believe there are some things that companies can do to better answer these challenges.

• Do security better, meet the cutting-edge security threats with cutting edge technologies, improved security policies and personnel
• Sometimes that means outsourcing help, so look to services
• Embrace transparency in the wake of breach incidents
• Find great talent with leading thoughts and vision to fill security leadership positions
• Seek and maintain the trust of the public
• Let your commitment to security ring

CEO’s and other execs have been coming under fire in some cases, as accountability is on the way up, alongside the concerns of the public and shareholders.  It’s also about time some cyber criminals actually get caught, prosecuted and put into the spotlight.   Consumers should demand better assurances that their information is well-protected and take additional action to secure their information.  It’s time for both consumer and industry to step up and start asking questions on how security can be done better.

photo credit: shoothead & psyberartist via photopin cc