AMU Cyber & AI Homeland Security Opinion Privacy

Cyber-Attacks and Data Breaches: Encryption and Security Must Improve

By Brad Apitz
Special Contributor for In Homeland Security

On Oct.2, news surfaced of yet another data breach involving the financial records of millions of Americans. JPMorgan Chase announced a massive cyber-attack that compromised the personal information of 76 million consumers and 7 million small businesses. There is speculation that the perpetrators involved in the attack are Russian and possibly state-sponsored.

This event adds to a long list of high-profile data breaches in the past 12 months. Just last month, Home Depot acknowledged the compromising of approximately 56 million credit and debit card numbers during a breach of their systems between April and September this year. Late last year, during one of the busiest times of the year for American shoppers, Target confirmed approximately 40 million cards were compromised between Nov. 27 and Dec. 15.

Yet these data losses are not new. For example, in 2007, nearly 90 million consumer cards were impacted when hackers compromised consumer data held by TJMaxx Companies. From a public sector perspective over the years, we have seen the birth and rise of the United States Cyber Command (USCYBERCOM) and a continued government focus on the need to militarize information.

However, data loss events in the private consumer realm are a consistent concern. With diverse and constantly adapting technology, the tug-of-war between those who hunt for data and those who retain it is ongoing. As we have seen through our relatively brief history of data loss experiences, it is not a question of if someone will be impacted by the loss of personal or financial data, but rather when.

The general consumer must now understand and appreciate that technology—and the necessity of convenience it naturally conceives—creates an unmitigated potential for loss of personal information. Indeed, it is virtually impossible to prevent data loss once it leaves the consumer’s wallet. People must adopt an attitude of preparedness—not one of shock or surprise when the next data breach occurs.

There is a critical need to educate the general consumer on what they need to do in order to proactively mitigate the damage inflicted by data breaches. The rollout of such education can be conducted in the same way federal, state and local governments host preparedness weeks for a variety of topics, be it emergency preparedness, severe weather awareness, or a National Fire Prevention week. On the other side of the equation, companies that hold onto consumer data must reevaluate if it’s worth retaining—and if it is—they must find better ways to secure and encrypt the data they store.

Comments are closed.