Get a free application, infrastructure and malware scan report - Scan Your Website Now

Biggest Security Risk – “Data Breach Fatigue”

Posted DateNovember 5, 2014
Posted Time 3   min Read

A seemingly endless series of headlines about data breaches has drawn greater attention to all the deficiencies and problems surrounding digital security.

Earlier this year, OpenSSL, the protocol that protects much of the Internet, was hit by the Heartbleed bug and exposed most of the online community. Then there was news that Russian hackers got 1 billion sign-in credentials this summer. The iCloud hack and leak out of sensitive personal photos created a shiver down the spine of many celebrities. Hackers broke into the world’s biggest bank, JPMorgan Chase. And not even Home Depot may be safe. Holes in the hardware giant’s data security may have exposed millions of American credit card numbers. In the process of getting hammered by frequent new vulnerabilities, many organizations are becoming desensitized to data loss, and it takes increasingly larger breaches to capture their attention. A staggering percentage of data breaches are never discovered, and when discovered are kept out of the news.

Just to highlight the possible negative outcomes of the reported data breaches, we’ll like to share the findings of ‘YouGov’. YouGov is a research company in the UK that measures ‘buzz score’ as a brand evaluation tactic. It asks online respondents if they have heard positive or negative things about a brand. Then it subtracts bad responses from the good ones, so a negative score means that overall consumer sentiment is in the red (and the best and worst score would be 100 and -100, respectively). Target saw its consumer perception plummet the most after 40 million shoppers had their data stolen late last year, according to YouGov. Target dropped from a “buzz score” of 20 to -29 in eight days. Home Depot’s 56 million-card breach caused its buzz score to drop from 22 to 6 in the 10 days following its statement in September.

There have been reports of 579 data breaches this year, a 27.5 percent increase over the same period last year, and it is only expected to become more common as consumers become more dependent on Internet-connected devices.

The breaches at major retailers and banks remind us of the hacks Microsoft’s operating system suffered 10 years ago. Microsoft was getting hacked every day and it created a combination of fatigue and anger to all stakeholders of Microsoft. Consumers were becoming numb to the numerous anti-virus alerts popping up on their computers, but they were also annoyed. Ultimately, over the course of years, Microsoft had to figure out how to fix security, not just patch it or issue updates and it got better, but only after Microsoft spent years approaching security differently as a company. It was not about doing a little bit better and hoping for different results; it was about taking an entirely new approach.

Similarly, banks, retailers and all organizations need to redress the way they handle security, and that isn’t going to happen overnight, which means we’ll likely see more and possibly bigger attacks in the coming months. But if they focus on changing security protocols rather than making quick fixes, they can mitigate the damage to consumers and their brands.

Measures to be taken against Data Breach

  • Considering the threats you plan to protect this data from (e.g., insider attack, external user), make sure you encrypt all sensitive data at rest and in transit in a manner that defends against these threats.
  • Don’t store sensitive data unnecessarily. Discard it as soon as possible. Data you don’t have can’t be stolen.
  • Ensure strong standard algorithms and strong keys are used, and proper key management is in place.
  • Ensure passwords are stored with an algorithm specifically designed for password protection,
  • Disable autocomplete on forms collecting sensitive data and disable caching for pages that contain sensitive data.
  • Consult Information Security Experts for detailed and thorough checks of all sensitive web applications.
  • Consider investing in DLP solutions or for Web Applications a WAF with custom rules (mask credit card numbers, SIN numbers) with targeted policies to prevent sensitive data exposure to clients.

web application security banner

Venkatesh Sundar

Venky is an Application Security technologist who built the new age Web application Scanner and Cloud WAF - AppTrana at Indusface as a Founding CTO. Currently, he spends his time on driving Product Roadmap, Customer Success, Growth, and technology adoption for US businesses.

Share Article:

Join 51000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Recent Notorious Hacks History
35 Most Notorious Hacks in History that Fall Under OWASP Top 10

What were the most notorious hacks in history? They’re subject to debate, but we bring you 27 of them, which would be strong candidates for the title.

Read More
Protect Your Business From Data Breach
Best Practices to Protect your Business from Data Breach

Data Breach is the situation were confidential, private and/or sensitive information is exposed to an unsecured environment/ unauthorized individual accidentally or by means of a deliberate attack on a system/.

Read More
CISO Responsibilities
CISO Responsibilities and Questions to Ask

Beefing up the security of your website is a necessity in today’s rapidly-changing digital landscape, but do you need a CISO?

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% customer recommendation for 4 consecutive years.

A Customers’ Choice for 2024, 2023 and 2022 - Gartner® Peer Insights™

The reviews and ratings are in!