For cyber-security professionals, 2017 may have been “The Year of the Data Breach.” It’s not that data breaches just started happening last year — cyber-criminals have been at it for quite some time. But the number of high-profile breaches, as well as the sheer number of consumers being affected, seem to have hit an all-time high.
According to the non-profit Identify Theft Resource Center (ITRC), last year saw 1,253 reported data breaches. That’s a nearly 15% increase in the record-setting number of breaches that occurred just the year before, in 2016.
Not too long ago, consumers didn’t pay that much attention to data breaches. Most didn’t think or realize that their personal information was at risk. Last year, that laissez-faire attitude came crashing down as consumers were rocked month after month with news of huge breaches at very visible public companies.
Equifax, Uber, Facebook, Yahoo and eBay are some of the companies that found themselves in the spotlight for all the wrong reasons. The attacks didn’t just target internet companies, however. Cybercriminals didn’t discriminate — they went after state and local governments (WannaCry in Atlanta, SamSam took down Colorado DOT), health care organizations (Anthem/Blue Cross Blue Shield and UNC Health Care), universities (Oklahoma, Washington State), hotels (IHG, Hyatt), retailers (Forever 21, Kmart, Saks Fifth Avenue) and even the US government (FAFSA, SEC).
So, what have consumers and IT security professionals learned from all this?
One positive thing that high-profile data breaches did accomplish is they brought cyber security concerns out into the general public discourse. Consumers are a lot less likely to skip over a news story about a data breach today. Many now pay much closer attention to protecting their own personal information, and are more vigilant about checking up on breaches that have the potential to impact them — like with Equifax.
The IT security industry has responded as well. For one, demand for cyber security specialists has skyrocketed. Firms are having trouble filling positions, with an estimated two million shortfall of qualified IT professionals projected for 2019.
But, have businesses and top decision-makers learned anything?
The leaders of Equifax, Uber and Facebook are certainly facing a considerable backlash for the failure to protect their platforms. They’re also being criticized for not being forthcoming or responsive enough to the concerns and needs of their consumers. All three companies are working through lawsuits brought forward by their consumers. The lawsuits are still working their way through the legal system, so, it’s not yet apparent what lessons these companies have learned.
But, it’s safe to say that the rest of the business community is on alert. Consumer data protection is a must — not a “nice to have.”
Is IT Security Better Today?
The positive takeaway from the Year of the Data Breach, is that data security is no longer the forgotten cousin to IT infrastructure concerns. Data protection is top of mind for both consumers and the organizations that collect and store consumer data.
With the highly anticipated GDPR (General Data Protection Regulation) going into enforcement earlier this year, the emphasis on data security is no longer optional. Now, businesses have an obligation to think about and protect the data that their consumers allow them to collect. And consumers, themselves, are empowered to exercise greater control over what data they share and how their data is stored.
So, while 2017 was a bad year for data breaches, 2018 may prove to be a turning point for consumer data protection.
Beacon Knows IT Security
If you haven’t reviewed your organization’s IT security needs in a while, or are unsure of what security protocols are in place, Beacon’s highly capable and responsive team of IT professionals can help. Give us a call at 336.265.2700.