A data breach costs companies on average $220 per compromised or lost/stolen record [1]. Per the Identity Theft Resource Center [2], US businesses reported 780 data breach incidents in 2015, totaling over $170 million compromised customer records. US businesses lost more than $37 billion containing the damage from those breaches. This cost does not even account for the impact on brand value or the cost of lost opportunities caused by operational disruptions.
While a large share (40%) of data breaches result from hacking or malicious attack, and those are the ones most discussed on social media, employee and vendor error together with system glitches are the primary causes of the majority of data breaches [1, 2, 3].
Employees and third-party vendors appear to be the weakest link in protecting private data. People make mistakes or take shortcuts even when they have received the necessary training. Many leading organizations have established privacy data protection training programs and have formal or informal data protection policies in place. In spite of that, the number of employee- and vendor-related data breaches keeps rising.
Why do errors happen? Because people make mistakes. And sometimes it is simply easier to work with unencrypted data: for example, Anthem did not encrypt the social security numbers of its 80 million customers [4]. Had the data been encrypted, it would have been far less valuable to the attackers. Most often people do not have time to double-check that a data transmission contains no sensitive information. The fact is that unencrypted sensitive data is routinely exchanged between employees, third-party vendors and, nowadays, the cloud. Most cloud infrastructure providers, AWS among them, offer rigorous encryption mechanisms; however, employees and vendors often do not take full advantage of these security controls [5], either because of time pressure or because they are unaware of the privacy policies, exposing their organizations to regulatory compliance issues and costly data breaches.
The obvious solution is to enforce adherence to the established data security policies. Yet it is impossible to verify compliance with the security policy directly because of the myriad data sources, data processes, information exchanges and manual touch-points involved. The most practical solution is to monitor all critical data repositories and information exchanges to ensure compliance with the security policy.
When a large volume of data is exchanged at very high velocity, in a variety of formats, from myriad internal data sources to a large number of vendor partners, monitoring that data for compliance can become costly and operationally disruptive if the wrong technology is selected. Enterprises should consider linearly scalable, big-data-based privacy data monitoring solutions to achieve compliance without disrupting the normal flow of business operations. More importantly, such a solution should not require significant coding or configuration, so that it can be adopted widely within the enterprise.
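The monitoring the last two paragraphs call for starts with spotting unencrypted sensitive fields in data that is about to leave the organization. The following Python scanner is an added example, not code from the original post or from any product it alludes to: it checks outbound records for plausibly valid US Social Security numbers (the field Anthem left unencrypted), rejects SSN-shaped strings that the SSA never issues, and reports hits masked so the monitor itself does not become a second copy of the data. The record lines and field names are constructed for the example.

```python
import re
from typing import Dict, List

# Matches NNN-NN-NNNN or NNN NN NNNN not embedded in a longer digit run.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ](\d{2})[- ](\d{4})(?!\d)")

# Constructed sample of records an employee might export to a vendor.
SAMPLE_RECORDS = [
    "id=1001,name=J. Doe,ssn=123-45-6789,plan=gold",           # unencrypted SSN
    "id=1002,name=A. Roe,ssn=[ENCRYPTED:a91f...],plan=silver",  # policy followed
    "id=1003,name=B. Poe,ssn=000-12-3456,plan=gold",            # area 000 never issued
    "id=1004,name=C. Zoe,ssn=987-65-4320,plan=bronze",          # area 9xx never issued
    "ticket=666-01-0001 opened by vendor",                      # area 666 never issued
    "contact phone=555-867-5309",                               # not SSN-shaped
    "id=1005,name=D. Moe,ssn=321-54-9876,plan=gold",            # unencrypted SSN
]


def looks_like_ssn(area: str, group: str, serial: str) -> bool:
    """Apply the SSA issuance rules: area 001-899 except 666, group 01-99, serial 0001-9999."""
    a, g, s = int(area), int(group), int(serial)
    if a == 0 or a == 666 or a >= 900:
        return False
    return g != 0 and s != 0


def find_unencrypted_ssns(lines: List[str]) -> List[Dict[str, object]]:
    """Return one masked finding per plausible SSN so the report never stores the full value."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, start=1):
        for m in SSN_RE.finditer(line):
            if looks_like_ssn(*m.groups()):
                findings.append({"line": lineno, "masked": f"***-**-{m.group(3)}"})
    return findings


if __name__ == "__main__":
    for f in find_unencrypted_ssns(SAMPLE_RECORDS):
        print(f"line {f['line']}: unencrypted SSN {f['masked']} violates data policy")
```

In a real deployment the same check would run over each transfer stream or repository snapshot and feed a compliance alert rather than stdout.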
- [1] 2016 Cost of Data Breach Study: United States, Ponemon Institute LLC, June 2016, sponsored by IBM
- [2] http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2015.pdf
- [3] https://www.egress.com/en-US/blog/human-error-main-cause-of-data-breaches
- [4] http://www.wsj.com/articles/investigators-eye-china-in-anthem-hack-1423167560
- [5] https://nakedsecurity.sophos.com/2013/03/29/amazon-s3-cloud-storage-data-leak/