Big Bad Data Hacks of 2014: Lessons Learned
Data breaches are too common. Information security professionals need to consider strong data security and secure collaboration solutions to reduce risk.
19 December 2014
Quick: What do eBay, Target, JP Morgan Chase, and Goodwill have in common?
In 2014, each reported a major data breach that compromised the personal information of thousands — even millions — of unsuspecting customers. Private records (Social Security numbers, PINs, email addresses, driver’s license numbers, and other sensitive account data) were swiped for potential use by identity thieves or other shadowy players.
In fairness, it’s important to note that these organizations are not alone in suffering a data hack — far from it. Hardly a week goes by without another incursion making headlines. Think of the recent breaches at Bebe Stores or Sony Pictures Entertainment (whose ongoing data scandal continues to unfold amidst a media feeding frenzy).
Data breaches not only hurt the brand, they shatter customer trust. And, they can deliver a body blow to the bottom line: the average cost to a company was $3.5 million, according to the Ponemon Institute’s 2014 Cost of Data Breach Study. That’s up 15 percent from last year.
Security specialists have already tagged 2014 as “the year of the data breach.” To understand why, here’s a sampling of some of the biggest hacks to date (those involving 800,000 records or more).
Big Bad Data Hacks of 2014
Number of Records Exposed
|JP Morgan Chase||
|Community Health Systems||
|Oregon Employment Department/WorkSource Oregon||
|Sources: Insurance Business America, Privacy Rights Clearinghouse, and Information is Beautiful|
There’s no question that the sheer size of these incidents is eye-popping. But the list also highlights the increasing frequency of breaches as well as the variety of targets (retailers, health care providers, charities, government agencies) coming under attack.
The message here? No organization or enterprise is immune to data theft today, which is why strong data security and processes are vital.
Lessons for the Future
Predicting the future is an inherently risky business. However, it’s probably safe to say we will see more and bigger data breaches in 2015. With that thought in mind, corporate leaders must consider taking preventative measures to keep their company information buttoned up. Here are three helpful suggestions from PwC’s 2014 US State of Cybercrime Survey:
- Increase corporate investment in security. An ounce of prevention — in the form of the latest security tools, technologies, and staff — is worth a pound of cure. If you don’t have a strong security presence yet, consider hiring a Chief Information Security Officer or Chief Security Officer to monitor corporate networks and implement policies to secure and protect data.
- Educate employees about best security practices. And don’t make it a one-time event. Ongoing training is key to keeping workers alert to new threats arising from phishing, malware, or social engineering scams.
- Assess the security of third-party service providers. In recent high-profile data breach incidents, an outside vendor was hacked in order to gain access to a company’s systems. If it could happen to Target, it could happen to any business. It’s key that outside providers have strong security and compliance practices in place to keep information safe.
Steff Gelston is a professional journalist whose editorial career spans magazines, newspapers, and websites. She spent five years at International Data Group (IDG), including three years as a senior editor at CIO magazine with coverage oversight of IT staffing and the mid-market. Before joining IDG, Gelston was an assistant business editor at The Boston Globe. She has also worked for Inc.com, the Boston Herald, and the Boston Business Journal.