Which Data Breach Will Finally Wake Us Up?

The world has finally decided data privacy and security is worth talking about. Congress enjoyed pelting Mark Zuckerberg with questions that made the digital natives point and laugh. We also enjoyed getting this cautionary note from Twitter this week:

Hi @MeganLewczyk,

When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log. We have fixed the bug, and our investigation shows no indication of breach or misuse by anyone.

Out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password. You can change your Twitter password anytime by going to the password settings page.

It’s starting to feel like the boy who cried wolf. We’re getting a barrage emails about the General Data Protection Regulation (GDPR) but who’s bothering to read them? There’s no point, really. We’re lazy when it comes to this sort of thing because it doesn’t have much impact on whether or not I’m going to continue using Etsy, Slack, or LinkedIn.

The illusion of data safety  

There were over 53,000 security incidents this year, including more than 2,200 data breaches, which means our digital security, privacy and safety online, are a hot mess. With the number of applications and other digital services I use each day, is any of my personal data really safe?

Probably not. But, are we willing to make a radical change to our lifestyle to go cold turkey on all the technology we have infused into our daily lives? No, not even if we say we would draw the line.

After 11 years of warnings from Verizon’s annual Data Breach Investigations Report (“DBIR”), and year after year of frightening statistics and grave warnings about data breaches, nothing seems to make much of a difference.

This year, we’ve got:

  • Ransomware attacks on the rise. This type of attack accounts for 39% of malware-related beaches.
  • Plenty of Phish. Phishing campaigns are fairly convincing these days, and 4% of people will fall for one. That’s why two-factor authentication is so important, even if it’s annoying.
  • Uninvited guests don’t knock. Outsiders perpetuate most (about 73%) of cyberattacks.

Oh boy, regulations!

So, naturally, some people want to add a dash of regulation to save us from ourselves. It’s why we ended up with GDPR in the first place; a blanket set of rules that force companies to be more transparent about their data privacy policies. The European Union will be dollying out hefty fines for noncompliance — up to 20 million euros or 4% of annual turnover (read: British jargon for total revenue).

Bust out another hundred thousand

With fines and the ridicule of being splashed across the world news headlines as a motivator, companies are throwing money at it. And it’s not going to be cheap.

CSO Online said:

Little wonder then, that 92% of US multinationals surveyed by PwC named GDPR as a top priority, and 77% plan to spend $1 million or more on compliance.

Even one of our profession’s own is willing to ante up. Since Deloitte didn’t bother to set up two-factor authentication and had a breach last fall, they just announced they’re planning to spend $580 million over the next three years to keep up “as pressure increases on the ‘big four’ accounting firms to fend off attacks that could jeopardise [jeopordize] client data.” This compared to the $50 million per year it historically spent on cybersecurity according to a recent Financial Times article.

While it’s on the whole pretty doom and gloom, here’s my takeaway:

We all want technology to do our dirty work and make our life easier, so we get complacent. We’re lazy with our passwords, and laissez-faire with our data privacy because that quiz on Facebook — you know, the one to tell you which Disney Princess you are and needs to know your basic profile and friend list — is just a click away. Little decisions every day expose us to risk.

If we could stop being so lazy on an individual level, companies would not have to clean up the mess, and that chunk of cash could go to something more productive. You know, like urban beautification projects like the “National Velvet” sculpture in Denver or the Vigeland Sculpture Park in Norway.

Related articles

RSM Did a Little Talent Shopping At the Big 4

And Adams & Co. came away with a new tax principal and a new risk consulting leader. First up is Brad Collins: In his role as a principal with the firm’s national tax team, Collins leads the firm’s efforts to identify opportunities where RSM can eliminate tax data management challenges for private equity and hedge […]