2016: Year of the Political Hack
In recent years, the technology news headlines have been dominated by data breach notifications. 2016 was no exception, but it also saw data breaches hitting mainstream media. Up until recently, data theft has been seen as more of a business issue. Of course, millions of individuals have been affected by financial data breaches or identity theft – and we don’t mean to demean the nature of these breaches – but 2016 was more disturbing.
There are several annual data security reports out there that show financial gain is the primary reason for data theft. They also describe the broader impact of a data breach in terms of lost revenue opportunities, business disruption, exposure to financial penalties, breach of compliance obligations and even a loss of trust or reputation.
2016 felt different; more personal, more worrying. The impact of last year’s breaches has brought home the true risks of data falling into the wrong hands.
Critical infrastructure has become a high-profile target for cyber-crime. Not so much for financial gain, but as a potential instrument of terror. The year started and ended with successful breaches of the Ukrainian power grid. If hackers can gain control over our utilities, the potential for loss of life is significant.
State-sponsored cyber-crime seems to be on the rise, from the North Korean hack of its Southern counterparts (and the rumours it was behind the Sony hack of 2014) to the possibility that Russia hacked both the Democratic National Committee and the Republican National Committee.
Although the breach itself took place back in 2013, Yahoo announced the loss of 1 billion (yes, billion) records in 2016 – the single largest data breach ever reported. In the same year, Anthem (the second largest healthcare insurer in the US) announced the loss of 80 million records and 400 million people registered on ‘Friend Finder’ found themselves in a potentially embarrassing position.
Worse still is the potential that hacking directly influenced the US presidential election. 2016 began in the aftermath of the exposure of 191 million voter records and ended with the alleged Russian hack and release of information to WikiLeaks.
When data theft moves beyond simple financial gain to impact on every aspect of our lives, it is time to rethink data security.
Fortunately, the world does appear to have sat up and taken notice. Set to become law next year, the new EU General Data Protection Regulation (GDPR) includes significant financial penalties for organisations found to be in breach of what is tantamount to the strictest data protection legislation to date.
Organisations that suffer preventable breaches and expose sensitive data to unauthorised users could face penalties of up to 4% of their global turnover, or €20 million (whichever is higher). Elsewhere, South Korea has recently proposed that all state-run organisations implement quantum-safe encryption by 2020, to provide long-term data security.
In a world that has become dependent upon high speed data networks to communicate, one thing is apparent. Your network is not secure. Breaches are inevitable, so the only way to ensure privacy and security is to protect the data itself as it travels across the network, i.e. encryption.
Encryption represents the best, last line of defence against data breaches – ensuring that the data itself is rendered useless if it falls into unauthorised hands. However, not all encryption solutions are created equal.
Given enough time and computing power, even the most complex of today’s traditional encryption solutions can be broken. With the quantum computing era looming, the time taken to break these systems will come down from years to days. Hence the call for quantum-safe encryption.
2017 is likely to be another year of the data breach. But perhaps it may also be the year of data legislation, as governments around the world attempt to stem the tide of cyber-crime. Expect to see tighter regulations, a greater call for encryption and much higher penalties for non-compliance.
Find out more about quantum-safe encryption from IDQ.