Today, Josh Keller, K.K. Rebecca Lai and Nicole Perlroth published a fantastic interactive piece in the New York Times that points directly to the very serious nature of identity theft. The article features an app that prompts readers to indicate whether or not they’ve provided sensitive data to 26 well-known organizations (retailers, healthcare organizations, social media sites, etc.) that experienced a recent data breach. Upon completing the survey, readers see a tally showing the number of instances in which hackers have potentially seen their sensitive data.
Visualizing actual numbers that directly relate to an individual's sensitive data exposure is a perfect way to illustrate how often consumers are victimized. Perhaps more alarming is the fact that only 26 organizations are included. Another site that tracks similar information and allows the database to be searched is Troy Hunt’s ‘have i been pwned’ site, which lists several dozen more. It is safe to assume that this is the tip of the iceberg, given the almost daily incidence of data breaches.
Additionally, the authors touch on two critical points as they relate to sensitive data privacy:
1. “How can you protect yourself in the future? It’s pretty simple: You can’t.”
This is undeniably true. As soon as consumers swipe a card, fill out a form or create a profile, control transfers from their hands to someone else’s. When they share their SSNs, credit/debit card numbers, dates of birth, home addresses, phone numbers, etc., they have no option but to trust that this information will be kept as safe as possible.
2. “Security experts say there is no way to keep hackers out of systems with traditional defenses like firewalls and antivirus software. With breaches now the norm, organizations are finally moving towards more modern defenses, like monitoring software that can pick up unusual network activity and two-factor authentication, a system that requires employees and Internet users to enter a second, one-time password when they log in from a new computer. But security experts say the only way information can be protected is to scramble it with encryption technology that makes it unreadable to hackers.”
Yes and no. The old mindset is antiquated and breaches are now the norm. The solutions suggested above are all valid, but the list ignores the importance of sensitive data management. What percentage of the breaches mentioned in the article (and the myriad incidents not included) could have been far less damaging had the affected organizations shrunk their data footprint to its smallest possible size? Incorporating sensitive data management into the overall security strategy is non-negotiable today.