If as much media and business attention was paid to awareness days as there were to data breaches, the problem may not be so prevalent.
Speaking to IT Security Guru, Sarb Sembhi, an analyst and director of Incoming Thought, said that days like Data Privacy Day do not make the public more aware of breaches, as the public is only concerned momentarily when they think they are affected..
“It is a shame that there isn’t much media attention given to today as there is to data breaches, and those organisations that have suffered a breach have not given thought to privacy. People are only interested momentarily when they think that they have been compromised even despite revelations that the US Government was collecting information. But when Angela Merkel was revealed to have had her phone hacked, she took it personally and – rightly so – it became an issue for her.
“People in Government are only aware of issues if and when something happens to them. Until it happens to you, you don’t realise.”
Prakash Panjwani, senior vice president and general manager of data protection solutions at SafeNet, said that with at least 740 million data records exposed in 2013, making it the worst year in history for reported breaches, it is obvious that we’ve reached an unprecedented level of crisis when it comes to data security and that there is a new mindset needed.
“We should be thinking about how to enable a secure breach environment. Of course, we want to prevent breaches in the first place, but today’s reality necessitates a shift in thinking so that organisations are not relying solely on breach prevention approaches, but are prepared that a breach will happen,” Panjwani said.
“This type of preparation leads to the employment of tactics and technologies, like encryption, to mitigate the impact of a breach. If the value that cyber criminals derive from stolen data is removed, their motivation to break in will disappear. That’s the only way we avert the crisis and reverse the trend.”
Christian Toon, head of information risk at Iron Mountain, said that with no concrete proposal yet put into effect on the European Data Protection Directive, many firms are not taking sufficient steps to secure themselves against a data breach and few have shown any real commitment to building a company-wide culture of information responsibility that is led from the top.
“Companies need to understand that there is more at stake when their information is compromised than the immediate financial consequences of meeting a fine imposed by the regulators. They also risk losing customer loyalty and suffering reputational damage that could subsequently have a negative impact on their share price,” he said.