Published on October 1st, 2020 | by Luke Fitzpatrick0
Data Breaches Are About More Than Just Privacy
On July 21, 2020, police arrested a 15-year-old child for allegedly posting online the sensitive medical records of thousands of people. From Mandurah, the youth may be responsible for one of the most massive leaks of medical records in the history of the state, but are children really to be held accountable for making poor decisions?
It’s easy to place the blame for a hacking occurrence on the perpetrator, but what about the business collecting the data? Should it bear responsibility for protecting consumer data? What about consumers? Do they share in the blame because they are indiscriminate about the type of information they post online?
Image Credit: Unsplash
Kids that steal data
Self-described online as Script Kiddie, the Australian teenager has not been identified by police due to his age. The moniker is slang for someone using existing computer scripts to hack into computers because they lack the expertise to write scripts themselves.
Just ten days later, authorities charged a British man, Florida man, and 17-year-old teen with hacking Twitter accounts of several politicians, tech leaders, and celebrities in an attempt to gain Bitcoin payments from followers. Authorities believe the teen was the mastermind of the plot.
If these were isolated events, most consumers wouldn’t give the stories much more than a passing thought, but these young men are not alone. Since 1994, James Kosta, Matthew Weigman, Jonathan James, Michael Calce, and Richard Pryce have each been responsible for a security breach, been caught, and served prison time for their roles in the theft of data.
Not strictly a male sport, Adenna Cooke, Xiao Tian, Anna Chapman, Kristina Svechinskaya, Ying Cracker, Kim Vanvaeck, and others have gained infamy for their crimes as well. Starting as young as 13, these kids are responsible for hundreds of millions of dollars in loss and data loss.
It’s no wonder data breaches are of the most significant concern for most organizations, from a business risk perspective, as quality data gives you the cutting edge. Businesses that fall prey to hackers—of any age—typically suffer extreme financial loss, long-lasting damage to reputation, disruption to business operations, and, in some cases, legal liability.
According to the Cost of Data Breach Study released in 2018, businesses suffering a data breach average a loss of $7.91 million. The on-going financial impact due to the damage to their reputation is much harder to pinpoint.
In a hyper-connected world, news of a breach becomes a headline nearly instantaneously. Even for the consumer that has never interacted with a compromised brand, news of a breach is long-lasting. It can affect the person’s willingness to transact with the business in the future—in other words, a loss to future revenue.
A Centrify study found that 65% of data breach victims lost trust in an organization as a result of the breach. An Interactions Marketing survey found that 85% of customers affected tell people in their network about the experience; 33.5% do so on social media and 20% post comments on the business’s website.
A Veritas survey found that 79% of consumers said they feel companies have the responsibility of keeping consumer data safe, and 71% said they expect these companies to “stand up to cybercriminals.”
What may be most alarming to businesses is that 65% of their customers believe the business should pay financial reparation for its failure to protect their data, 40% of consumers lay the blame directly on the CEO, and 23% in favor of the CEO receiving a prison term.
Plan to keep customers safe
Businesses today must be aware and must be prepared to keep their customers’ data safe. Though not all-inclusive, these six areas of focus will help companies to become more secure and, in the event they are compromised, allow them to minimize the damages by acting quickly:
- Limit access to the company’s most valuable data;
- Demand and verify compliance from third-party vendors;
- Educated employees on what they should look for and develop a security awareness training program;
- Keep all company software up to date, especially security patches;
- Develop a plan for how the company will respond to a cyber threat or breach; and
- Require difficult-to-decipher passwords from all staff as well as the resetting of passwords regularly.
With customer sentiment as it is, businesses would be well advised to focus on cybersecurity before their customers become victims.