Unlimited Access. Try it Today! Your First 10 Days Always $0.99
News Opinion Op-Eds

Poor data security is a growing crisis [Commentary]

If 2013 has taught us anything, it is that we have a growing data security crisis. Four of the top 10 data breaches of all time occurred last year, with more than 575 million data records accessed, lost or stolen according to one source that tracks data breaches.

It seemed every week there was a news story about a major security breach in which customer data was either accessed or stolen. Companies that we all know, use and trust with our personal and financial information were affected, from major retailers and social media companies to financial institutions. The troubling trend was not necessarily the number of incidents but the scale of the data breaches. It's likely only to get worse.

Why is this happening? Of course hackers and organized crime are getting more aggressive and sophisticated in their attacks. But that's the easy answer. The reality we are not willing to face is that conventional data security and breach prevention measures are not working very well any more. Even more worrisome is that there are several technology trends that have the potential to expose data to greater risk of theft if companies do not adopt a new data security mindset soon.

Our world is quickly becoming an Internet of Things where every person, place, object and organization is connected through the Internet. The proliferation of the cloud, mobile device usage, e-commerce and social media means that we are creating, accessing and storing data and conducting transactions in more places than ever before. We simply have more to manage and more places of exposure.

In the online world, the average person has about 25 accounts for things such as banking, email, entertainment and social media but only uses about seven passwords for all of them. Studies have also shown that 70 percent of the passwords contain eight characters or less. These weaknesses can be easily exploited by hackers that can find a password in seconds running an unsophisticated program.

Our mobile devices have also become great sources of data loss and attack vectors for hackers. A 2012 U.S. government report stated that variants of malicious software known as "malware" aimed at mobile devices increased by 185 percent in less than a year. In addition, many of the ways in which we use our mobile devices are unsecured. Most mobile devices lack security software and can transmit data over unencrypted wireless connections. And owners do not always use secure user authentication when conducting sensitive transactions, like online banking.

The last area is the cloud, which has transformed the world of corporate information technology. It is this new world of cloud IT that now also supports many of the online services we use every day as consumers. Three quarters of companies are using, or plan to use, some type of cloud service and it is expected that this year half of businesses will be using four or more cloud services. This means that more companies are storing more of their own data and the data of their customers in environments where they may not have complete control of the security.

This newly interconnected online world of cloud, mobility and social media presents an even greater risk to our data and information because of obsolete approaches to network security. The typical company today puts most of the emphasis on perimeter security measures, such as network firewalls and content filtering, to keep the bad guys out. These are good security measures, and there is nothing wrong with them. The problem is that companies rely on them as the foundation of network security. Based on what we witnessed in 2013, it doesn't look like this approach is working very well.

The new data security mindset companies need to adopt is to accept reality as it is and assume their networks will be breached. Security needs to be attached to the data so that businesses can secure the breach and maintain control of their data wherever it is, whether it is the cloud or on mobile devices. For example, by using strong encryption on an end-to-end basis, the value of data is reduced to near zero even when it falls into the hands of thieves. Trying to keep today's adversaries out of the enterprise solely through breach prevention is a fool's errand.

Dave Hansen is the president and CEO of SafeNet. His email is askdave@safenet-inc.com.

To respond to this commentary, send an email to talkback@baltimoresun.com. Please include your name and contact information.

Copyright © 2015, The Baltimore Sun
Related Content
  • More than 309,000 identities exposed in University of Maryland cyberattack
    More than 309,000 identities exposed in University of Maryland cyberattack

    Hackers stole names, Social Security numbers, other information

  • No weather TLC without TWC
    No weather TLC without TWC

    People love to talk about the weather. And people listen to those who know what they're talking about — like meteorology guru Jim Cantore. But when Verizon FiOS unexpectedly dropped The Weather Channel (TWC) from its line-up on March 10, those voices went silent for the cable company's...

  • The conservative case for same-sex marriage
    The conservative case for same-sex marriage

    Before the current Supreme Court session ends this summer, the justices will make a landmark decision on same-sex marriage. But conservatives shouldn't wait to lose in court. They should accept same-sex marriage now.

  • The people's representatives should be elected
    The people's representatives should be elected

    Members of Congress don't always complete their terms due to factors like death, a new job and scandal. When a House seat becomes vacant, the Constitution requires an election to fill it, and every House member has been elected. The 17th amendment established direct election of Senators as...

  • More quality teachers, fewer administrators
    More quality teachers, fewer administrators

    Each year when it is time for executive central office school officials to present their proposed school budget to local government officials for approval, a funny thing happens. The needs of children anchor the plea for more funding. From a political perspective, this is a tough plea to...

  • Supergirl Power
    Supergirl Power

    About a year ago, I walked into Gotham Comics in Westminster with the intention of restarting my comic book collection after letting it lie dormant since the comic book boom of the early 1990s. Upon entering the store I was immediately confused.