Forty-seven percent of adult Americans have had their personal information compromised in the last 12 months, according to figures from the Ponemon Institute. Up to 432 million online accounts have been broken into over that time.
The figure comes out on the heels of a number of massive security breaches at such companies as eBay (EBAY) and Target (TGT). Unfortunately, even with security being a well-known issue, many companies fail to safeguard information for a number of reasons.
"Most companies don't fully understand or address their security risks," according to the 2014 U.S. State of Cybercrime Survey. Only 38 percent can prioritize security spending based on risk and the impact on their businesses. Even as the number of cyber attacks increases, "most U.S. organizations' cybersecurity capabilities do not rival the persistence and technological skills of their cyber adversaries."
The implications for consumers whose information is taken can be serious. The loss of credit card or debit card numbers poses an immediate financial risk, particularly for debit card users because laws protecting consumers from card fraud apply to credit cards, not debit cards. Personal data can be the basis of identity theft, with criminals potentially using it to establish fake credit accounts or as a tool to break into other accounts.
Just over the last 12 months, the number of online break-ins has been staggering. Crooks gained access to the accounts of 145 million eBay users, according to Reuters. Target CEO Gregg Steinhafel resigned after company earnings dropped 16 percent as a result of its huge data breach last fall and the ongoing repercussions for the loss of information on 70 million customers and 40 million debit and credit cards.
Adobe (ADBE) lost 33 million user credentials and 3.2 million credit and debit card numbers. The Michaels (MIK) craft store chain lost 3 million credit and debit cards, and Neiman Marcus lost 1.1 million card numbers. Data for a "significant number" of AOL's (AOL) 120 million user accounts were taken, as was information from 4.6 million Snapchat user accounts.
After so many examples of this problem, the obvious question is: Why don't companies take better care of the information entrusted to them? There are a number of answers:
- Many companies are reluctant to invest the money necessary to keep all systems and security patches up to date.
- Executives and managers often dismiss possible problems until one happens to them.
- A constant stream of new vulnerabilities and attacks makes it difficult to keep abreast of everything.
- Too much emphasis and reliance on technology overlooks the procedural mistakes that well-meaning employees can make when trying to help someone who claims to have lost log-on information.
- New types of hardware and operating systems introduce new vulnerabilities, like Apple mobile users being locked out of their devices by scammers.
- Users are sloppy in setting easily guessed passwords.
Trying to find simple, one-step solutions to fixing online security has been fruitless so far. Because the causes are varied, no single fix is possible, including one recent White House attempt to improve cybersecurity through a national identity authentication system.