Despite a torrent of high-profile data breaches -- most recently at eBay -- many security experts fear businesses and consumers will continue doing little to bolster their protections against cybercrooks until they feel it in their pocketbooks.
[eBay] revealed that a database containing customers' names, passwords, phone numbers, dates of birth, email and home addresses was compromised. But as with most other recent hacks, eBay said it had no evidence anyone's money was stolen. And that -- ironically -- is the problem.
Unless such attacks result in widespread financial losses, experts say, the threat won't be taken seriously.
"Until it hits them at home, it won't matter much," said Scott Goldman, CEO of security firm TextPower, based in San Juan Capistrano. "The very fact that people are becoming numb to the constant stream of breaches indicates the pathetic level of security provided by most online services."
Like many individuals, businesses often balk at the cost of cybersecurity, figuring it's not worth the benefit.
"Most companies are focused on revenues and profits; unfortunately, security doesn't drive either of those two priorities," said Eric Chiu, president of Mountain View security company HyTrust. "Instead, they view investment in security as insurance which they can put off until something bad happens, which is too late."
The problem with that approach, he added, is that it can wind up backfiring.
"As we have seen from Target," he said, referring to the retailer's disclosure in January that thieves stole payment card and other information from at least 40 million of its customers, "the potential costs of not putting customer data as a top priority are brand damage, loss of customer trust and ultimately major business impact."
Target's breach reportedly has cost it close to $1 billion and prompted the May 5 resignation of its CEO.
To bolster customer security, Target has said it plans to spend $100 million to adopt so-called chip-and-PIN payment cards that are harder for crooks to counterfeit and use. Other retailers reportedly are considering doing the same, though researchers warn that the advanced cards also have vulnerabilities.
"Less than halfway through 2014 and we're already beginning to lose count of the number of big-name companies fallen victim to attacks like this," said Alan Kessler, CEO of San Jose security company Vormetric.
Beyond the Target breach, U.S. authorities on Monday charged five Chinese military officials with hacking into U.S. corporations to steal trade secrets.
And in April they said they were investigating the criminal sale of Social Security numbers, bank account data and other personal information for up to 200 million U.S. citizens, after a breach at Court Ventures, a Southern California subsidiary of credit-reporting giant Experian. Moreover, the recently discovered Heartbleed bug has endangered data on innumerable websites.
© 2014 San Jose Mercury News (CA) under contract with NewsEdge. All rights reserved.
Posted: 2014-05-30 @ 8:59am PT
@C.G.: Thanks for the correction. We have fixed the spelling of Mr. Kessler's last name.
Posted: 2014-05-30 @ 8:26am PT
friendly correction - Alan KESSLER is the CEO of Vormetric
Posted: 2014-05-28 @ 8:18am PT
It's too bad that the focus is on the bottom line and not on the protection of the consumers who are the lifeblood of the business.