The news of another data breach, this time at Capital One, shows that, despite some progress, we still have so very far to go to head off hackers.
A recent report found, for instance, a 23-day drop in the average "dwell time" for hackers—the amount of time that they spend in a target's systems before being discovered. That's a huge improvement. But...the average is still 78 days. You don't want hackers spending 78 minutes in your systems, let alone 78 days.
Despite a 33% increase in the costs of cybercrime since 2016, investments in cybersecurity have only risen 10%.
No wonder premiums for cyber insurance are expected to increase 20% a year from 2014 through 2020.
Technology would seem to favor the good guys.
Something called "tokenization," for instance, holds promise. Basically, the actual, valuable data, like a Social Security number, doesn't get passed around. Only a "token" does. It gives the legitimate user access to necessary data but is of no value to a hacker.
Similarly, something called "homomorphic encryption" allows data to be transmitted and processed in the cloud while staying encrypted.
But these, and other, data-protection schemes only work if they are deployed, along with systems that help employees avoid being duped by tactics such as phishing schemes.
How many more Capital Ones must we see before we get truly serious about protecting ourselves and our clients?
Cheers,
Paul Carroll
Editor-in-Chief