Poor data security is a growing crisis [Commentary]

If 2013 has taught us anything, it is that we have a growing data security crisis. Four of the top 10 data breaches of all time occurred last year, with more than 575 million data records accessed, lost or stolen, according to one source that tracks data breaches.

It seemed every week there was a news story about a major security breach in which customer data was either accessed or stolen. Companies that we all know, use and trust with our personal and financial information were affected, from major retailers and social media companies to financial institutions. The troubling trend was not necessarily the number of incidents but the scale of the data breaches. It's likely only to get worse.

Why is this happening? Of course hackers and organized crime are getting more aggressive and sophisticated in their attacks. But that's the easy answer. The reality we are not willing to face is that conventional data security and breach prevention measures are not working very well anymore. Even more worrisome is that there are several technology trends that have the potential to expose data to greater risk of theft if companies do not adopt a new data security mindset soon.

Our world is quickly becoming an Internet of Things where every person, place, object and organization is connected through the Internet. The proliferation of the cloud, mobile device usage, e-commerce and social media means that we are creating, accessing and storing data and conducting transactions in more places than ever before. We simply have more to manage and more places of exposure.

In the online world, the average person has about 25 accounts for things such as banking, email, entertainment and social media but only uses about seven passwords for all of them. Studies have also shown that 70 percent of the passwords contain eight characters or fewer. These weaknesses can be easily exploited by hackers who can find a password in seconds by running an unsophisticated program.

Our mobile devices have also become great sources of data loss and attack vectors for hackers. A 2012 U.S. government report stated that variants of malicious software known as "malware" aimed at mobile devices increased by 185 percent in less than a year. In addition, many of the ways in which we use our mobile devices are unsecured. Most mobile devices lack security software and can transmit data over unencrypted wireless connections. And owners do not always use secure user authentication when conducting sensitive transactions, like online banking.

The last area is the cloud, which has transformed the world of corporate information technology. It is this new world of cloud IT that now also supports many of the online services we use every day as consumers. Three quarters of companies are using, or plan to use, some type of cloud service and it is expected that this year half of businesses will be using four or more cloud services. This means that more companies are storing more of their own data and the data of their customers in environments where they may not have complete control of the security.

This newly interconnected online world of cloud, mobility and social media presents an even greater risk to our data and information because of obsolete approaches to network security. The typical company today puts most of the emphasis on perimeter security measures, such as network firewalls and content filtering, to keep the bad guys out. These are good security measures, and there is nothing wrong with them. The problem is that companies rely on them as the foundation of network security. Based on what we witnessed in 2013, it doesn't look like this approach is working very well.

The new data security mindset companies need to adopt is to accept reality as it is and assume their networks will be breached. Security needs to be attached to the data so that businesses can secure the breach and maintain control of their data wherever it is, whether it is in the cloud or on mobile devices. For example, by using strong encryption on an end-to-end basis, the value of data is reduced to near zero even when it falls into the hands of thieves. Trying to keep today's adversaries out of the enterprise solely through breach prevention is a fool's errand.

Dave Hansen is the president and CEO of SafeNet. His email is askdave@safenet-inc.com.

To respond to this commentary, send an email to talkback@baltimoresun.com. Please include your name and contact information.

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication