C-3PO once told the immortal Han Solo that the odds of successfully navigating an asteroid field is approximately 3,720 to 1, to which he replied, “Never tell me the odds.”
While Mr. Solo’s approach of ignoring the odds is often preferred by many, here’s a startling statistic that cannot afford to be ignored — more than 50% of all households in the United States were affected by a data breach that occurred at the largest bank in the USA, JPMorgan Chase earlier this year.
The bank confirmed in a regulatory filing that the compromised data impacts approximately 76 million households and 7 million small businesses. From some perspective, there are a little over 120 million households in the US.
The information compromised includes names, addresses, phone numbers, and email addresses, as well as internal information relating to such users.
There are two linings of silver to this grim tale, though- firstly, JPMorgan Chase stated that there is “no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during the attack.” Secondly, as of yet, no unusual customer fraud has been observed on any of the compromised accounts.
Data breaches are incredibly commonplace in the US with RT.com reporting in May that half of all US adults were hacked in the last 12 months. Given that two big breaches, the aforementioned JPMorgan Chase incident as well as the Home Depot breach happened after May, it seems likely that that the number of hacked US adults has tipped way over the halfway point by now.
Big banks are a frequent target for hackers- the finance industry was the one with the highest number of security incidents with confirmed data loss in 2013, as reported in the 2014 Verizon Data Breach Report. Hackers are constantly and relentlessly attempting to gain access to the sensitive data stored in their servers, and even the tiniest chink in their armor can prove disastrous.
Staying secure requires the same level of smarts, technology, and persistence that the hackers possess, if not more. It’s a constant battle to stay one step ahead, and unfortunately, as this incident proves, the hackers are getting better at winning.
While up-and-coming security technologies like Apple Pay and EMV tokenization are set to even out the odds in the card present space, there is an immediate and very real need to protect sensitive customer data right now in the present.
If there’s anything we can all learn from this – it’s that no one is immune from hacking. If the biggest bank in the US with one of the largest IT security budgets can still suffer a data compromise, what chance do the rest of us have to avoid the same fate?
Common sense always prevails and you can’t tackle a complex problem with even more complexity. Bringing it back to basics is the solution here, and in most sensitive data compromises, the common denominator is personal data. Hackers are out to steal personal data because personal data can be easily monetized.
If this is the case, how do you prevent a compromise from happening? You take away what the bad guys are trying to steal.
So focus on your data – not on your perimeter defenses. Ask your security team – what have we done to ensure that in the event a hacker breaks through our network, they’re unable to steal any of the data we’re storing?
Start with that, and you’ll be in a stronger position than most.
To experience how you can easily find sensitive data before the bad guys steal it, take a Enterprise Recon for a spin,