The data breaches at big-name companies such as JPMorgan Chase, Home Depot, Target, Kohls, Sony and, this week, Anthem Health raise questions about the effectiveness of the private sector’s information security. According to FBI Director James Comey, “There are two kinds of big companies in the United States. Those who’ve been hacked…and those who don’t know they’ve been hacked.” A recent survey by the Ponemon Institute showed the average cost of cyber crime for U.S. retail stores more than doubled from 2013 to an annual average of $8.6 million per company in 2014. The annual average cost per company of successful cyber attacks increased to $20.8 million in financial services, $14.5 million in the technology sector, and $12.7 million in communications industries.
Below is a list of the best-known cyber attacks on private U.S. companies since the beginning of 2014. This list includes only cyber attacks that have been made known to the public. Most companies encounter multiple cyber attacks every day, many unknown to the public and many unknown to the companies themselves.
Experts say that these firms should be doing more to build secure infrastructures for the data they house, and are now suggesting people actually take out cyber insurance. OMG, seriously, create another profit center for the insurance companies that are already stealing billions from people? I disagree 100%. The problem is simple. The technology being sold to people and businesses is subpar. Very little thought has been put into developing “secure” platforms. Instead, companies rush to go live with weak databases or, most commonly, promote useless apps and peddle them like candy to children, hoping to increase users (downloads) in the hopes of being acquired or going public. Of course, the primary cause for this has been and always will be greed. Money is the main driver for commerce. Data has been the “be all” “end all”. Otherwise useless applications would never have a chance to be built and brought to market before they solve a problem or are useful. Every day I read the tech journals and cannot believe how many new apps are launched that serve no purpose. Additionally, it lacks mindfulness that venture capital is throwing billions at these useless apps in hopes of gathering more data on all of us.
The data breaches below are listed chronologically by month of public notice.
- Neiman Marcus
- Yahoo! Mail
- Aaron Brothers
- Unnamed public works (energy and utilities). According to the Department of Homeland Security, an unnamed public utility’s control systems were accessed by hackers through a brute-force attack on employees’ log-in passwords.
- P.F. Chang’s China Bistro
- U.S. Investigations Services (services). U.S. Investigations Services, a subcontractor for federal employee background checks, suffered a data breach in August, which led to the theft of employee personnel information.
- Community Health Services
- Defense Industries
- Home Depot
- Apple iCloud
- Goodwill Industries
- Bartell Hotels
- U.S. Transportation Command contractors
- J.P. Morgan Chase
- Dairy Queen International
- Anthem Health
As cyber attacks on retail, technology, and industrial companies increase, so does the importance of cybersecurity. From brute-force attacks on networks to malware compromising credit card information to disgruntled employees sabotaging their companies’ networks from the inside, companies and their customers need to do more to secure their data. John Hering, co-founder of mobile security firm Lookout, told CNBC recently, “In the current state of the world, there’s almost no way for companies to protect their data from cyberattacks.”
“For any given unit of time that goes by, the probability of an organization being compromised is trending to 100 percent,” he said in a recent Squawk Box interview.
Health insurer “Anthem” announced on Wednesday that the personal data of about 80 million customers and employees had been compromised in what it called a “very sophisticated” cyberattack. While the breach did not expose financial information, the hackers gained access to names, birth dates, Social Security numbers, street addresses, email addresses and employment information.
“We need to move to a world where security is not reactive, but proactive and predictive,” he said. In the case of the Sony hack, which exposed corporate emails and leaked unreleased films, Hering said there were indications that the system had been compromised six months before the breach became public. Banks in particular are very focused on cybersecurity and have controls and protections in place. He noted that most consumers are not liable for attacks that compromise their bank accounts.
However, the insurance industry—which like health care is consolidated and large—has not taken cybersecurity as seriously as the financial services industry, he said.
This leads me to my final point. The Cloud makes no sense. Years ago, we all secured our data on our own hard drive. Then the push to cloud came and everyone got on board while the big three pushed it on us like bad loans by the banks in 2003. We were all told it would be easier to have it in the cloud, right? Sure, access your data on “any” device, cool. It’s all BS, people. It’s always about control. Everything resides in the cloud now, and for many of us who use it, even temporarily, we have found it is more difficult to get down from the cloud once you’re up there. It’s not heaven. Nope, it’s hell.
What is more difficult for a hacker? Hacking 1 million people separately, or hacking one company and getting a million people’s data all in one place?
In 2014 I pulled everything off the cloud and it was not easy. There’s still stuff up there that I cannot remove, so how’s that for effective?
I’m not sure if it will happen and when, but it seems logical to me that we all migrate our personal data back to our own hard drive and secure it as well as we can. We all know that our data is not safe with the firms that store it, but at least we can secure the data we “do” have control over ourselves.