It seems that not a day goes by when there is not a story about a major data breach in the news. And the reason for that is that in 2011, there were more than 400 major data breaches — more than one every day! In today’s article, Intersections’ Consumer Security Adviser, Neal O’Farrell, breaks down the data breach and provides some helpful tips on what you can do to protect yourself should your records be compromised.
Ever wondered why there are so many data breaches and why they keep happening? In 2011 there were more than 420 reported data breaches, or an average of more than one every day. And some of these breaches exposed millions of personal and customer records. What's more worrying is that in at least 80% of these breaches, Social Security numbers were exposed.
A security firm called Trustwave did an investigation of more than 300 data breaches and exposed some interesting statistics and trends that might help to explain why so many businesses keep losing our personal and private information:
- Personal customer records were the target of hackers in nearly 90% of the breaches.
- Surprisingly, the food and beverage industry made up the largest share of investigated breaches (44%), followed by retailers at 33%. Normally the biggest targets for data breaches are educational institutions and healthcare, but in this report they only accounted for a combined 2% of investigated breaches.
- Also surprising was the focus by hackers on franchised businesses, where the local business is owned by individual business owners. More than a third of the breaches happened at franchised businesses.
- When malware was used in the attacks, it was detected by anti-malware software in just 12% of the attacks, suggesting the thieves are easily able to get past the most fundamental security defenses.
- But perhaps not that surprising is that the most common password being used by these breached organizations was "Password1".
So how are the attackers breaching security so often and so easily? The report exposed another troubling trend — in more than three quarters of the breaches investigated the access point was traced to third parties, like suppliers, partners, and technology developers. This suggests that while an organization you do business with might be doing all it can to protect your personal information, all the hard work can easily be undone when the partners they rely on are not as focused on protecting you as they should be.
And in more than 80% of the breaches investigated, the biggest weakness identified was poor passwords. Weak passwords continue to be exploited by hackers and intruders, and in spite of endless education on the subject, for some reason employees continue to choose passwords that can be guessed or cracked in seconds. If the most common password found in these attacks was Password1 (it's a default password that employees obviously couldn't be bothered to change), it suggests that we shouldn't give up on educating everyone about the need for stronger and smarter passwords.
And what fixes did the report recommend? The very first recommendation of their report was better user and employee education, saying "The best intrusion detection systems are neither security experts nor expensive technology, but employees. Security awareness education for employees can often be the first line of defense."
What else can you do?
- Use this as a reminder to beef up your passwords. Imagine how you'd feel if your weak password was cracked by hackers and used to launch a costly attack on your workplace.
- Be vigilant and careful when paying at a fast-food restaurant. Security can be a big problem here because these businesses often have limited security measures, a high staff turnover, and few background checks on employees. Consider using a credit card instead of a debit card when paying at one of these establishments so you're not giving hackers access to your bank account.
- Spread the word. If you believe in security, and in the role each of us has to play in protecting our little corner of cyberspace, then share that idea with others. If each one of us were to change just a couple of our bad computing or financial habits, these crimes would be much harder to pull off.