Forty-seven percent of Americans had personal information exposed in the last year by hackers, according to new Ponemon Institute research.
Up to 432 million accounts were compromised as databases at major companies like Target, Twitter, Evernote, eBay, AOL, and Adobe left masses of user data in the hands of cybercriminals who continued to strike gold against increasingly porous cybersecurity.
If the last 12 months look bleak, there’s little reason to believe the next 12 will be any better. The next big hack is coming. It’s not a question of if, just when. The answer, undoubtedly, is very soon. There are very few breathers in between big break-ins these days.
Data breaches can give away extremely sensitive information. When Target was attacked in one of the most prominent attacks of 2013, hackers walked away with millions of customer names, credit and debit card numbers complete, expiration dates, and three-digit Credit Verification Value (CVV) codes.
Just last week, eBay was attacked and hackers made off with usernames and encrypted passwords. The extent of the damage isn’t yet clear—it’s possible that the encryption holds and the passwords prove useless—but all 145 million eBay users were told to change their passwords after the attack.
If, like a lot of people, users shared the username and password across multiple accounts, then all of a sudden a huge portion of their digital life may be vulnerable. Many people can’t even remember just how many accounts share the exact same username and password, leaving themselves unknowingly exposed to a single hack.
That’s not all. Names, dates of birth, addresses, and phone numbers are floating out there with protection that regularly gets broken. That kind of information can lead to stolen or hijacked identities that can take weeks or months to detect.
As the Internet becomes indispensable in our lives, computing has become sophisticated beyond comprehension. Every single website and application you use is a puzzle of systems interacting with each other in changing ways, held together by string and the sweat of information security professionals who are fighting unknown opponents with shifting capabilities. It isn’t enough. They’re just human beings, after all.
A recent survey of 500 American businesses found that over 75 percent have had security incidents in the last year. In fact, each business averaged over 135 incidents and a third of the respondents say the frequency of attacks has increased. The businesses said they lost an annual average of $415,000 to cybercrime last year to say nothing of the data lost.
If that sounds like a lot, it’s only part of the picture. Sixty-seven percent of businesses were unable to calculate how much cyberattacks cost.
Many American businesses are defending themselves poorly. The same survey found that only 38 percent invest strategically in cybersecurity based on risks and impact to business. A tiny 17 percent take steps to classify which data are most valuable to business.
It takes almost no skill and very little knowhow to launch a basic cyberattack today. Readymade hacking products make the whole process easy for anyone with some money to spend. Add a little education and talent to that picture and all of a sudden, the Internet is a hacker’s oyster.
My own data was breached in the Adobe and eBay hacks. It will almost certainly happen again.
“It’s becoming more acute,” Larry Ponemon, head of the Ponemon Institute, told CNN. “If you’re not a data breach victim, you’re not paying attention.”