So far 375 million customer records compromised in 2014

Posted by Sticky Password Jul.30, 2014 in Passwords & Security

We’ve reached the halfway point of the year and it’s a good time to evaluate the situation in data security so far in 2014. According to the numbers, the bad guys are having a bumper crop this year. The folks at Help Net Security have assembled their report for data breaches since January, and the numbers are pretty scary.

A few highlights from the report:

  • 3 of the top 5 breaches were based in the US with the other two breaches occurring in Europe.
  • Healthcare breaches make up 23% of all incidents.
  • Government was the second least secure sector after retail, accounting for 11 percent of all records that were lost or stolen.
  • Malicious outsiders are targeting businesses’ most critical records. They are responsible for compromising 99% of the records and 56% of the incidents this quarter, more than any other source.

A particularly damning piece of information in the report is (our emphasis):

  • Encryption was used in only 10 of the 237 reported data breach incidents. Of those, only two could be classified as secure breaches in which encryption restricted the access of stolen data.

That’s terrifying. Businesses aren’t encrypting the data that they are responsible for. While it may be that the bad guys were just going after the ‘easy pickings’ of businesses that they knew didn’t use encryption (which would be unlikely), the data suggest that even with all the talk of data security, too many companies aren’t doing anything about protecting their customers’ data.

Our prediction: in the not-too-distant future, data security is going to be a selling point for all sorts of businesses. We’re not talking about the products being sold, but what’s in the back office! From greeting cards to online groceries to books and healthcare, businesses are going to differentiate themselves from their competitors by the security infrastructure they have in place.

Here’s our suggestion for all businesses: do whatever it takes to protect your customers’ data like it was your firstborn child. (No, we’re not exaggerating!) Don’t collect any data you don’t need, and make sure you encrypt the data that you do collect.

Once you’ve set it all up, promote your new security infrastructure to current and future customers. Let them know that they will be safe with you. All other things being equal, that will be the significant selling point in your industry soon.

In addition to being conscientious with your passwords, what are you going to do on a personal level to make it harder for the bad guys?

Here’s to a great and safe second half of 2014!