What in the World is Going On with Data Breaches?

What in the world is going on with Data Breaches? 

I will be the first to admit that I am not a cybersecurity expert, but as a person who is among the several millions who have had their health data, buying patterns, and PII digitized, I am frightened on a daily basis about identity theft. Yes, I know I can buy insurance to protect myself, and have done so, but I still feel vulnerable. So, the question is: why has the frequency increased, and what are corporations doing about it?


I saw an interview on a business network this week that provided some insight that unfortunately did not make me feel any better. James Foster, the CEO of ZeroFox, noted that in 2017 we have had more high-profile breaches than in the past two years combined. That is a staggering statistic. Essentially, we are seeing capitalism at work in a nefarious manner. The cost of attacks is going down and the outcomes are improving; therefore, more hackers see an easier market for stealing data and reselling it to the bad guys.

Foster went on to point out that companies are more vulnerable because they are working on the basics. The basics, as defined by CISOs, are patch management and upgrading firewalls. Those things are important, but Foster points out that corporations are not prepared to spend the money to protect against the new attack surfaces on the net. Those are social media, mobile apps and collaborative platforms, which become the way for Trojan horses to enter the network and do bad things.

So what is the answer? Well, as you may imagine, there is no silver bullet, but Europe is ahead of us in creating regulations for high-profile companies such as Equifax and banking institutions to impose strict fines when breaches occur. James Foster was reluctant to suggest this, but it is a path. The idea of expecting the government to police these situations makes the hair on my free-enterprise-capitalist’s neck stand up. The market should police itself. However, as we are seeing, the calls to Cyber-911 on these matters have been very slow. So what are your thoughts? Regulation or self-policing?