Are you data breach fatigued?
Data breaches are nothing new – quite the contrary – in fact their very frequency makes it likely that we’re fatigued to the point of indifference by the number of leaks which are surfacing, reports Telecoms.com (Banking Technology’s sister publication).
Knowing the value of money is a lesson parents have been teaching children for years, but how many are teaching the value of personal information? If you do not know the value of something, can you actually care when it has been lost?
Despite what many people will say, the digital economy is not quite with us yet. Or at least not in the sense which most would want. Whether it is paying for a newspaper with coins, or using your Oyster card to get onto the tube, or flagging down a Black Cab in central London, there are still those around who are embracing the old ways.
We’re in the middle ground right now, where the idea of using information as a currency is a novelty, and because it’s still a novelty, no-one really understands it. If no-one understands it, then no-one really appreciates the dangers. Finally, if no-one really appreciates the dangers, how do we adequately protect ourselves.
This lack of understanding will lead us to leave too much personal information out there, but it will also mean we do not appreciate the damage which can be done through data breaches and leaks. How often are you paying attention to news stories about companies losing data?
Telecoms.com is guilty of this. We do not to cover all data breach stories because there so many of them. It’s not always engaging content because it happens so much; we are breach fatigued. And we suspect many in the general public feel the same as well.
As a disclaimer, we cannot claim credit for the term breach fatigue; credit has to be given to Trend Micro’s VP of security research Rik Ferguson who raised the idea to us in a conversation a couple of weeks ago, but in light of the Equifax meltdown, it is an interesting idea to raise.
Did the data breach at Equifax get anywhere near the same attention as similar incidents in recent months? Or how about the one at the InterContinental Hotels Group in February? Or Verifone in March? What about the Taringa breach where more than 28 million records were exposed?
If it was a bank we would be in a state of hysteria. This is our money which they are messing around with. But this is supposedly the beginning of the digital economy. We should be just as incensed by the exposure of our personal information as this is apparently the new currency of the connected society. Does this difference devalue our personal information?
It’s a vicious circle we currently find ourselves in. If we are not bothered by breaches, it implies we do not value our personal information that much. If we do not value our personal information that much, companies are less inclined to protect it as stringently. When we become desensitised to breaches, companies will start to cut corners; they will soon realise there are fewer consequences. A little less will be spent here, a little bit more risk taken there. The number of breaches will increase, and we will care less. It’s a worrying trend to be involved in.
The big problem is we do not yet know the consequences of data breaches. If a bank loses our money, we know what the consequences are there, but what about personal information? What is there to lose? We haven’t humanised the consequences of data breaches yet. With the Equifax breach 143 million records were exposed, but right now that is 143 million faceless individuals. How do you associate pain with anonymity?
At the moment, people are living in a blissful ignorance of a problem which is everywhere. Perhaps we are losing control of security because people are becoming fatigued by the breaches which are created by a lack of attention.
Every time something is done to correct a problem it is because someone has been punished. There is a human element to the error. Right now we are not seeing the human cost of data breaches, but will the number and depth of these data breaches increase until we do?