The information security industry is reporting that more than 1.5 billion (yes, that’s with a “B”) emails and passwords have been hacked. It’s hard to tell from the article, but this could be the big one. (And just when we thought that James Bond had taken care of the Russian mafia.) From both large and small companies, nobody is safe. According to the experts the sites ranged from small e-commerce sites to Fortune 500 companies. At this time the experts aren’t telling us who the big targets were. We could be very unpleasantly surprised.
Most security experts admit that the bulk of the post-breach activity will be email spamming. Insidious to be sure. But imagine if the hackers were to get a little more intelligent about what they have. How many individuals reuse passwords? Experts say over 90% of consumers reuse passwords between popular sites. And since email addresses are the most universally used “user name” on those sites, the chance of that 1.5 billion identities translating into millions of pirated activities is fairly high.
According to the recent published Ponemon study; 24% of respondents don’t know where their sensitive data is stored. That is a staggering amount. Further complicating the issue, the same study notes that 65% of the respondents have no comprehensive data forensics capability. That means that consumers are more than likely to never hear from their provider that their data had been breached. Until it is too late.
So now I guess we all get to go change our passwords again. And we don’t know why, we just have to. This is annoying. But it’s not a permanent fix to have consumers constantly looking over their virtual shoulders. Let’s talk about the enterprise sized firms first. Ponemon indicates that 57% of respondents would like more trained data security personnel to protect data. And the enterprise firm should have the resources to task IT personnel to protect data. They also have the ability to license best in class technology to protect data. There is no excuse not to implement an enterprise data masking technology. This should be used hand in hand with network intrusion defenses to protect from end to end.
Smaller enterprises have similar options. The same data masking technology can be leveraged on smaller scale by a smaller IT organization including the personnel to optimize the infrastructure. Additionally, most small enterprises leverage Cloud based systems that should have the same defenses in place. The small enterprise should bias their buying criteria in data systems for those that implement data masking technology.
Let me add a little fuel to the fire and talk about a different kind of cost. Insurers cover Cyber Risk either as part of a Commercial General Liability policy or as a separate policy. In 2013, insurers paid an average approaching $3.5M for each cyber breach claim. The average per record cost of claims was over $6,000. Now, imagine your enterprise’s slice of those 1.5 billion records. Obviously these are claims, not premiums. Premiums can range up to $40,000 per year for each $1M in coverage. Insurers will typically give discounts for those companies that have demonstrated security practices and infrastructure. I won’t belabor the point, it’s pure math at this point.
There is plenty of risk and cost to go around, to be sure. But there is a way to stay protected with Informatica. And now, let’s all take a few minutes to go change our passwords. I’ll wait right here. There, do you feel better?
For more information on Informatica’s data masking technology click here, where you can drill into dynamic and persistent data masking technology, leading in the industry. So you should still change your passwords…but check out the industry’s leading data security technology after you do.