The IT security conversation has taken a decisive turn toward health care-focused matters in the past year or so, as massive breaches have struck the sector far more often than virtually any other one of late. The Identity Theft Resource Center has logged 248 breaches in the medical field alone this year, which represents more than one-third of all events recorded. What's more, the health care sector has lost more than 120 million records, which is more than two-thirds of the total number of compromised files in 2015.
However, while health care has been more at risk given the higher value of patient files than any other consumer categories of data, retail is still just at risky as it was when it remained at the center of the IT security discussion. Despite the fact that there has not been another Target-sized breach in a couple of years, the business category of the Identity Theft Resource Center's report has seen 290 breaches, or 40.4 percent of the total number of events.
As such, retailers need to remain galvanized against the threat of hackers and other sources of lost data. Studies have indicated that the average organization - regardless of industry - is spending more on security solutions and fortifications, but the price of data breach has not gone down at all yet, and the frequency of the events continues to rise. Retailers need to remember that these events can have profoundly negative impacts on their reputations, financial stability and more.
If you would like to see a relatively brief video on the retail data breach landscape of late, check out this video from the RSA Conference on that matter, as well as the state of Payment Card Industry Data Security Standards:
With all this in mind, it should be clear that any business that handles payment data in any form - which is virtually all organizations at this point - needs to keep its ears to the ground and watch out for new and emerging threats, as well as those that have been around for a decade. A combination of plenty of research and the support of managed services to assist in security fortifications can reduce the threat of data breaches in any business, and the time to get moving on these projects is now.
Another major event strikes
VTech recently released a statement on a breach that it believes began on November 14 and impacted as many as 5 million of its customers' accounts. The Hong Kong-based toy maker does not believe that payment information was compromised in the attack at this point, but the breach, which lasted until November 24 without being detected, the specific portal that the hackers broke into did have some concerning pieces of information.
For example, the database did include names, passwords, email addresses, IP addresses, mailing addresses and download history - all of which can represent some issues with privacy. What's more concerning, though, is that the database also contained the birthdays, names and genders of children, as the toy manufacturer uses this information within accounts for various reasons.
Now, while it might seem as though credit and debit card data will be the most dangerous to lose, these other pieces of information will be a direct threat to the identities of the children who were impacted. It is worth noting here that childhood identity theft is a significant issue, and one that often goes undetected for years - and sometimes close to two decades - given the fact that college loan applications or the first attempt at acquiring a credit card will be the earliest time parents look over their children's credit scores.
While VTech did make it clear that all impacted customers have been notified and steps are being taken to avoid another event such as this one, The New York Times reported that parents are not any less fearful. The news provider also pointed out that the websites contained pictures of the kids who had accounts, which is unnerving for any adult to imagine.
According to the source, several states have already announced that they will be launching an investigation in the near future to get to the bottom of the issue.
Progress being made
Now, the current goal should be to begin slowing the acceleration of breach frequency, and in a new survey released by DNV - GL Business Assurance found that companies are indeed beginning to cover some ground in the security arena. The researchers sought out the opinions of 1,200 individuals regarding the ways in which their companies are currently approaching security, and found that leaders have started to make this a "normal part of business operations," rather than "a tactical defensive job owned exclusively by the IT department."
"Retailers have a long path to travel to reach stronger security."
This might not seem like a big deal at first, but it certainly is. One of the main issues that has propelled data security issues higher throughout the past decade has been the unwillingness of decision-makers to make the matter a core issue in their corporate strategies. Now, it appears as though they are, which bodes well for the future.
"Despite economic challenges we are seeing a broad 'next step' occurring in the way companies in all sectors approach data security," DNV - GL Business Assurance North America President Faith Beaty explained. "Key indicators are the degree to which top management is involved, and the growing mindset that information security is an organizational priority, not just a technical problem."
At the end of the day, retailers and others have a long road to travel to reach more protected and secure statuses, and small-business owners will likely struggle the most to gain a handle on these matters. However, with the use of managed services from a trusted provider - especially one that can assist with PCI DSS audits and fortifications - entrepreneurs can begin to reduce their risk of experiencing major, long-lasting data breaches.