First identified as an industry issue a decade ago, data breaches are now part of the consumer vocabulary. Check out this infographic from ID Experts, A Decade of Data Breach…An Evolution. Data breaches have evolved from credit card fraud with financial consequences to medical identity theft with life-threatening implications. According to leading experts, the frequency, severity, and impact of data breaches are expected to escalate. Industry experts forecast top trends in data breach, privacy, and security:
Global criminals. Criminals are now globally connected and increasingly part of organized crime rings.
Rick Kam, president and co-founder, ID Experts
Advanced persistent threat (APT). APT is the biggest threat to organizations, whereby hackers gain access to a network and remain there undetected for a long period of time.
James Christiansen, chief information risk officer, RiskyData
Malicious attackers. Hacktivists and national states have an advantage over today’s defenders of corporate data and IT infrastructure.
Dr. Larry Ponemon, chairman and founder, the Ponemon Institute
Breaches affect everyone and everything. Data breaches affect large and small businesses of all kinds, regardless of sophistication, and high- and low-tech information.
Kirk Nahra, partner, Wiley Rein, LLC
Information can be infinitely distributed, causing limitless damage. The electronic health information privacy breach epidemic is an unanticipated “game changer” in that health information can be stolen from anywhere in the world, distributed to an infinite number of locations for an infinite period of time and can cause limitless damage.
James C. Pyles, principal and co-founder, Powers Pyles Sutter & Verville PC
Increased enforcement risk. Regulators at both the federal and state levels in the U.S. and in many foreign countries have become, and will continue to be, increasingly aggressive in investigating security breaches and obtaining substantial monetary settlements or penalties from responsible organizations.
Philip Gordon, shareholder, Littler Mendelson, P.C.
Identity theft will not go away, until the issue of identity is solved. “Identity-proofing” consumers involves verifying and authenticating with numerous technologies, and the flexibility of consumers to recognize a slight trade-off of privacy for security.
Robert Siciliano, CEO, IDTheftSecurity and personal security and identity theft expert
Real-time prevention. The rate of exposure for personally identifiable information is now so great, we must concede that the data itself is no longer able to be protected. Our defensive strategy must now shift to real-time prevention of the abuse of this sensitive information by criminal elements.
Anthony M. Freed, Community Engagement Coordinator, Tripwire Inc.
More digital devices and technologies, to digitize personal data.
Drones, utility smart meters, automated license plate readers, and more powerful facial recognition software—all used to collect and digitize consumers’ sensitive personal data—will provide more opportunities for government to resell consumer data, forcing consumers to demand better privacy protections and read/approve/decline company privacy statements.
George Jenkins, editor, I’ve Been Mugged
Many data breaches are avoidable if commonsense security practices are in place. In recent cases brought by the Federal Trade Commission against companies that experienced data breaches, the companies’ security practices did not protect against even readily foreseeable threats. Companies need to use “reasonable and appropriate security measures” for handling consumers’ personal information
Joanna Crane, senior consultant, Identity Theft Assistance Center
Long-term monitoring. Data obtained by hacking, theft or unauthorized access, isn’t always used immediately by the perpetrators. Organizations need to develop a tactical plan for incident response that includes persistent, long-term diligence and monitoring, due to the possibility of lag time that can occur between the time of the data breach and the fraudulent use of consumer information.
Robin Slade, development coordinator, Medical Identity Fraud Alliance (MIFA) and president & CEO, FraudAvengers.org
Continued business naiveté. Corporations continue their delusional belief that data security and cyber privacy are a byproduct of purchasing better technology. It helps, but it’s the human beings using the technology correctly (or not, in the case of most breaches) that actually delivers results. Forward-thinking companies will focus assets on training the stewards of their valuable data.
John Sileo, privacy evangelist and CEO of The Sileo Group
Data Breaches: Past, Present and Future
The article, A Decade of Data Breach: Tracking an Evolving Threat, outlines the evolution of data privacy and security threats, gauges the landscape today, and offers what’s on the horizon for the next decade.
“Organizations face difficult challenges,” said Larry Ponemon, chairman and founder, the Ponemon Institute. “Many do not have the capability to withstand security exploits and information system compromises. For the longer term, I predict that the information security community will rise to the occasion and overcome this imbalance of power through innovations that strengthen our ability to reduce the risk.”
View the infographic of the evolution of the data breach here.