Information security is a race between peak indifference to surveillance and the point of no return for data-collection and retention.
The unprecedented leaks in 2016 were not (merely) the result of data gathered last year; much of that data was gathered in the decades previous to this one, inadequately secured and treated as so inconsequential that Yahoo allowed the NSA to backdoor a billions-strong silo filled with data its customers had not even realized they were filling.
The number of people harmed by these breaches will only and ever go up from here; those people will demand action against commercial surveillance (and its siamese twin, government surveillance) with increasing clamor. But there's a point of no return for each of those people -- and, separately, for the institutions they rely on (cough Office of Personnel Management cough).
Problems that manifest long after the phenomena that cause them are the hardest to solve. You have to get people to care before the point of no return, but the evidence may only be utterly undeniable long after that point.
Does this sound familiar? It should: it's the same problem that gives us runaway climate change. We carbonize the atmosphere while Big Hydrocarbon sows expensive doubt about the reality of climate change; the more carbon we pump, the worse the consequences will be, and eventually those consequences will be too obvious for anyone to deny. But that point will come very late in the day -- too late for low-lying cities and the billions who rely on them. So: can we get people to care about the storms while they're merely disastrous, or will it take catastrophe?
Every click pumps more carbon into the surveillance economy; all that data will breach someday. Can we decarbonize the surveillance economy before it destroys us?
IBM explained that in 2015, healthcare was the most attacked industry, with financial services falling to third. However, attackers in 2016 refocused back on the financial sector, which was the industry most targeted by cyber attacks last year.
The healthcare industry continued to be beleaguered by a high number of incidents, IBM said, although attackers focused on smaller targets resulting in a lower number of leaked records. In 2016, only 12 million records were compromised in healthcare, compared with nearly 100 million in 2015.
Information and communication services companies experienced the highest number of incidents and records breached in 2016, with 3.4 billion records leaked and 85 breaches.
Governments were also targeted, with 398 million records leaked and 39 breach incidents.
Partially to blame for the 566 percent year-on-year increase in leaked information was former search engine giant Yahoo, which was responsible for leaking more than 1.5 billion records alone.
Leaked records up 566 percent to 4 billion in 2016: IBM Security [Asha McLean/ZDNet]
(via Beyond the Beyond)
(Image: Elevated Media, CC-BY-SA)