It seemed like data breaches were everywhere last year. Some will say this was because the media was simply paying more attention in 2015. One thing is for certain, though: more breaches were made public in 2015 than many of us have ever seen.
So what started all the attention? Although it didn’t happen last year, the Target breach of 2013 was a driving force behind the momentum of data breach discussions. It was staggering in size, its effects were widespread, and what made it even more frightening was that it was all the result of a hack that infiltrated the POS system.
The Target hack of 2013 proved that security is more than simply protecting your consumer-facing online presence. Security is about protecting consumer data – regardless of how and where it is obtained, or where it is stored. The media began to pay close attention, and has been quick to call out any and all that neglect to protect customer data and information.
So what can we learn from the 781 data breaches that occurred in the US in 2015? Well, according to the Identity Theft Resource Center (ITRC), the top four causes of breaches were Hacking/Skimming/Phishing (38%), Employee Negligence (14.9%), Accidental Exposure (13.7%), and Insider Theft (10.6%).
This has been interpreted in a couple of ways:
- Hacking (38%) accounts for over 1/3 of all data breaches, so it’s best to put the majority of your security resources there…just to be safe.
- Security resources should focus on the other three items in the top four. Combined, they account for 39.2% of all breaches, and all revolve around problems with training and/or process.
The truth is that no one will complain if you’re doing everything you can to protect your company from hackers. Executives know about the hacks and expect their folks to respond. Plus, hacking gets all the good press. But the rest of the truth is, focusing on hacking while neglecting training and procedures is like putting iron bars on the front door of your home and then completely removing your back door.
So what can we learn from the year of the data breach? Well, while hacking is still a major problem behind data breaches, it’s not the only one. In fact, the majority of breaches happen because employees or business partners aren’t aware of security best practices, policies, and procedures. So in addition to investing in protection against hackers, companies must continually educate employees on how to treat sensitive information. They must also begin to require their business partners to do the same and ask for proof that training took place.
There’s no question that security will continue to be a two-front war in 2016 and beyond. And paying close attention to all the battles being waged will be the only way to ensure the safest possible environment for online shoppers while protecting your company from an onslaught of negative media scrutiny.