In January 2012, 24 million people were shocked to discover that their email addresses, street addresses, phone numbers, credit card details and encrypted passwords had been stolen when online shoe and clothing retailer Zappos was hit with one of the biggest data breaches in history.
Zappos wasn’t the lone ranger in what was a bad year for data privacy. Global Payments has lost an estimated $94 million stemming from a March 2012 breach that exposed 1.5 million consumers to fraud. Visa promptly dropped Global Payments as a compliant partner in accepted industry data security standards, causing irreparable damage to the organization’s reputation.
From the mightiest of brands to the smallest of organizations, 2012 proved that no one is immune to data breaches. Yahoo!, LinkedIn, eHarmony, Experian, Wyndham Hotels, Adobe, The Brighton and Sussex University Hospital NHS, Barnes and Noble, Stoke on Trent Council and even NASA fell. It is a long and shocking list that merely scratches the surface in a year when nearly half of senior IT professionals in the UK admitted they have experienced data breaches. The issue is no better in the US, where malicious or criminal attacks on data are continually rising and the average total cost per company that reported a breach last year was a colossal $5.5 million.
Hiding your Savings Under the Bed
Information is today’s currency, traded in black markets around the world. It isn’t just a possibility that organizations will experience a breach; it will happen, and it is just a matter of time. When it does happen, the reputational damage to organizations can be immense, as witnessed by Visa’s rejection of Global Payments.
Leaving customer and constituent data undefended is the modern version of hiding your life savings under the bed. Organizations must start taking the threat to information seriously if they are to adequately protect customers, constituents and corporate reputation.
Outside of reputational risk, pressure is at an all-time high thanks to increasing attention from regulators. Breaches and abuse of personal information hit the top of the agenda for the European Union in 2012, when substantial restrictions on how companies handle personal data were put forward under the draft European Data Protection Regulations. This proposal is being put before the European Parliament shortly, so no doubt the results of this will be watched and commented on with great interest.
In the first six months of 2012 alone, the Information Commissioner's Office (ICO) levied a shocking £1.4 million in fines on organizations across the UK, while in the same period, US authorities issued fines totaling $3.3 million. Of course, 2013 has already seen a high-profile data security case, with Sony recently fined £250,000 by the UK’s data protection watchdog, after millions of gamers’ personal details were leaked online.
Despite the potential financial penalties organizations face, according to research last year, 59% of senior IT professionals in the UK admit they still don’t have confidence in their ability to detect the unintentional loss or theft of sensitive information within their organization, and only 25% cite having sufficient budget to invest in necessary solutions.
2013: The Year of Prevention
When it comes to security, organizations tend to take steps only as a reaction when something bad happens. A reactive strategy isn’t going to provide the necessary protection. Preventative measures are clearly the best way to avoid the risk of a data breach.
Organizations must keep evaluating the steps they are taking to prevent data breaches. As a result, this year we’ll likely see an increase in the adoption of data masking technology and masking for cloud applications as organizations implement more sophisticated tools and parameters to protect against data breaches.
Don’t Forget the Silver Lining
Although data security and data privacy continue to challenge organizations of all sizes, there is also an opportunity presented by the necessity for prevention. It’s an opportunity that is often swept aside in the trend toward reactive breach strategies.
Maintaining accurate, consistent and comprehensive consumer data is key to prevention. Add to this the likes of data masking technology, which offers smart tools for preventing unauthorized users from accessing that data, and companies can then set about monetizing their data with confidence. Data that has so carefully been aggregated, analyzed and secured as part of preventative measures can now be harnessed as a key asset encouraging innovation.
Whereas 2012 was a bad year for data privacy and security, the time to take preventative action to minimize risk in 2013 and boost innovation is now.
Mark Dunleavy joined Informatica UK in 2006, first as a financial services manager for the data quality practice, and later on as a sales and business development director for the financial services practice. He became the managing director for Informatica UK in January 2012, and now holds primary responsibility for managing sales as well as business and solution development in the UK and Ireland, using Informatica's products and partners. Prior to his move to Informatica, Mark worked as a sales manager for SpiritSoft, and later as a financial services sales manager for Similarity Systems.